Tuesday, May 31, 2011

CompTIA Security+ SY0-301 is now available

The latest version of CompTIA Security+ is available today (English only, initially). As part of the ISO/ANSI accreditation for CompTIA Security+, we update the exam every three years and there was a lot of new information to cover. The exam is still aimed at an IT security professional who has a minimum of 2 years of experience in IT administration with a focus on security, day-to-day technical information security experience, and broad knowledge of security concerns and implementation, but there is a new emphasis on operational risk.

The new exam covers more of the approach that organizations need to take to proactively address security risk control and mitigation. Things like security policies and procedures, and training staff to comply with these policies, are becoming much more important for today’s security professional. Sound familiar? This is what we have also seen in our 8th Annual Trends in Information Security.
 
The new exam also includes current technologies like cloud computing and virtualization. Again, the focus is on the proactive elements like designing your network security to accommodate cloud and the potential threats associated with it. Plus, the exam includes more details on forensics. The table below lists topics covered on the new exam.

Topic                                   % of Exam
Network Security                        21%
Compliance & Operational Security       18%
Threats & Vulnerabilities               21%
Application, Data & Host Security       16%
Access Control & Identity Management    13%
Cryptography                            11%
Total                                   100%

The new exam, CompTIA Security+ SY0-301, is now available at Pearson Vue and Prometric test centers worldwide. (Study materials for the new exam will be available in the next few weeks. Watch for announcements or check our website.) Click here to find a testing center near you. Vouchers can be purchased from the CompTIA Marketplace (and the CompTIA EMEA Marketplace). The current version of the exam, CompTIA Security+ SY0-201, retires December 31, 2011.

Visit GetCertified4Less to save on your Security+ Certification. 

Tuesday, May 24, 2011

Network+ Exam Objectives 1.2

1.2 Identify commonly used TCP and UDP default ports

Because computers, like people, are able to perform a variety of tasks at one time, there is a need for both TCP and UDP ports. A port number identifies the service a packet is intended for, so that each packet can be processed properly and receives the specific service it needs. Port numbers can also be used to filter traffic on a network.

  • TCP ports – The Transmission Control Protocol (TCP) is a core protocol of the IP suite. There are 65,536 TCP ports available today. Some ports are used much more commonly than others, while some are rarely used at all. TCP ports are divided into three types: well-known ports, registered ports, and dynamic/private ports. Oftentimes an application is designed to connect to a well-known port and then move to a dynamic or private port to continue a connection.

  • FTP – 20, 21 – Well known TCP port used for data transfer and data control.

  • SSH – 22 – Well known TCP port used for SSH purposes to ensure secure logins, file transfers, and port forwarding.

  • TELNET – 23 – Well known TCP port used for unencrypted text communications.

  • SMTP – 25 – Well known TCP port used for e-mail routing between mail servers.

  • DNS – 53 – DNS uses both a TCP and a UDP port. The Domain Name System is often known as the Internet’s phone book, as it translates website addresses into IP addresses. DNS over TCP is needed when the response data size exceeds 512 bytes.

  • HTTP – 80 – Well known TCP/UDP port; hypertext transfer protocol. It is the port that controls the basic foundation and structure of the Internet.

  • POP3 – 110 – Well known TCP port; post office protocol version 3. POP3 is mostly used by local e-mail clients in order to retrieve e-mail from a remote server over a TCP/IP connection.

  • NTP – 123 – Well known TCP port used for time synchronization.

  • IMAP4 – 143 – Well known TCP port used for managing email messages.

  • HTTPS – 443 – Well known TCP port needed to create an encrypted communication and secure identification of a network’s web server.

  • UDP ports – UDP, user datagram protocol ports, are used and needed so that computer applications are able to send messages to other hosts on an IP network. With UDP, applications do not require any type of prior communication in order to create special transmission channels or data paths.

  • TFTP – 69 – TFTP (Trivial File Transfer Protocol), a UDP port, is extremely limited and simple and is mostly used for the automated transfer of configuration or boot files between machines locally.

  • DNS – 53 – The Domain Name System is often known as the Internet’s phone book, as it translates website addresses into IP addresses.

  • BOOTPS/DHCP – BOOTPS is needed to obtain an IP address from a configuration server. DHCP is needed so that a computer is able to automatically configure itself. With DHCP, a network administrator is not needed to intervene.
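The DNS entry above says TCP is needed once a response exceeds 512 bytes. The following is an added example, not part of the original post, that walks that exchange offline: the server truncates an oversized UDP reply and sets the TC flag, and the client repeats the query over TCP with the two-byte length prefix. The name example.com, the record data and the transaction ID are constructed values.

```python
import struct

UDP_LIMIT = 512   # classic maximum DNS message size over UDP (no EDNS0)
TC_FLAG = 0x0200  # "truncated" bit in the 16-bit flags field of the header
# One constructed A record: name pointer to offset 12, TTL 300, 192.0.2.1.
RR_A = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1])

def build_query(name, txid=0x1A2B):
    """Client: 12-byte header (RD set) plus one question for an A record."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)

def build_response(query, answers):
    """Server: full reply echoing the question, with `answers` A records."""
    (txid,) = struct.unpack("!H", query[:2])
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, answers, 0, 0)
    return header + query[12:] + RR_A * answers

def question_end(msg):
    """Offset just past the (uncompressed) question section."""
    pos = 12
    while msg[pos] != 0:
        pos += 1 + msg[pos]
    return pos + 1 + 4  # root label, then QTYPE and QCLASS

def fit_for_udp(response):
    """Server: replies over 512 bytes go out as header + question, TC set."""
    if len(response) <= UDP_LIMIT:
        return response
    txid, flags = struct.unpack("!HH", response[:4])
    header = struct.pack("!HHHHHH", txid, flags | TC_FLAG, 1, 0, 0, 0)
    return header + response[12:question_end(response)]

def parse_header(msg):
    if len(msg) < 12:
        raise ValueError("DNS message shorter than the 12-byte header")
    txid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": txid, "is_response": bool(flags & 0x8000),
            "truncated": bool(flags & TC_FLAG), "answers": an}

def needs_tcp_retry(query, udp_reply):
    """Client: accept only a matching reply, then honour the TC flag."""
    q, r = parse_header(query), parse_header(udp_reply)
    if not r["is_response"] or r["id"] != q["id"]:
        raise ValueError("reply does not match the outstanding query")
    return r["truncated"]

def tcp_frame(msg):
    """DNS over TCP prefixes every message with its length (2 bytes)."""
    return struct.pack("!H", len(msg)) + msg

def tcp_unframe(stream):
    """Return (message, remaining bytes), or (None, stream) if incomplete."""
    if len(stream) < 2:
        return None, stream
    (size,) = struct.unpack("!H", stream[:2])
    if len(stream) < 2 + size:
        return None, stream
    return stream[2:2 + size], stream[2 + size:]

def resolve(name, answers):
    """Walk the exchange: UDP first, TCP port 53 only if truncated."""
    query = build_query(name)
    full = build_response(query, answers)
    udp_reply = fit_for_udp(full)
    if not needs_tcp_retry(query, udp_reply):
        return "udp", parse_header(udp_reply)["answers"]
    reply, _rest = tcp_unframe(tcp_frame(full))
    return "tcp", parse_header(reply)["answers"]

if __name__ == "__main__":
    print(resolve("example.com", 2))   # small reply stays on UDP
    print(resolve("example.com", 40))  # oversized reply falls back to TCP
```

For filtering, this is why a rule set that allows only UDP 53 breaks large DNS answers: the truncated reply arrives, but the TCP retry is dropped.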

Thursday, May 19, 2011

Network+ Exam Objectives 1.1

1.1 Explain the function of common networking protocols
A protocol is a standard that is able to control and enable a connection, data transfer, or communication between two endpoints. It can be implemented by software, hardware, or a mixture of them both. A protocol can be used to set the semantics, syntax, and the synchronization between devices. Simply put, a protocol defines how a hardware connection will work.
Networking protocols can specify how to format a message, how to start and end a message, error correction within messages, handshaking, detecting connection loss, and many other properties.

        TCP – Part of the TCP/IP suite working in the transport layer, TCP, also known as the Transmission Control Protocol, is most notably used for error recovery as well as data flow control. TCP waits for the acknowledgement from the destination that error-free packets have been received. Packets that are not acknowledged within a certain time frame are then sent again. TCP is most widely used for protocols that need to have guaranteed delivery. This includes SMTP, HTTP, and FTP.

        FTP – File Transfer Protocol (FTP), works at the application layer of the TCP/IP suite. FTP is used to provide for the basic rules of behavior for transferring files over the Internet as well as through an intranet. FTP is able to browse through file structures on a remote computer which are then transferred between computers, on the Internet, or through an intranet connection. FTP can also be used as an application for file transfer, hence the name. 

        UDP – User Datagram Protocol (UDP) is used to broadcast packets, or datagrams, throughout a network but the protocol is only able to make the best possible effort to deliver them to the proper destination. The protocol does not use implicit handshaking which makes the protocol unreliable as packets can be received in the wrong order, duplicated, or even worse, can go missing. UDP is connectionless and is found in the transport layer of the TCP/IP suite, a core piece of the suite. UDP is most commonly used by multimedia over internet applications because they can be monitored and have the ability to have their own acknowledgements.

        TCP/IP suite – The TCP/IP, also called the internet protocol suite, is a set of protocols needed for communications that is used for the Internet and any other type of similar networks. Each layer deals with the transmission of data with each layer depending on the one below it. The highest layers deal with abstract data which means the lower layers must be able to translate the data into specific forms that can be transmitted physically. The TCP/IP suite consists of four layers including the link, the internet, the transport, and the application layer. Sometimes TCP/IP is mapped into a seven-layer model, known as the OSI model.

        DHCP – Dynamic host configuration protocol (DHCP) is a service more so than a protocol. When a client comes on a network, an IP address has to be assigned. Using DHCP, all clients that come on to a network are automatically assigned an IP. This saves time and manpower as there is no need to statically assign each computer an IP address. DHCP can provide information such as the DNS’ address.

        TFTP – Trivial File Transfer Protocol, TFTP, a connectionless protocol in the application layer, is used for transferring files throughout a network, usually the transfer of configuration or boot files in a local environment as well as for files being transferred from a computer to a router or switch. TFTP is considered to be very limited, especially when compared to FTP. TFTP is often used along with UDP for a low overhead protocol without any type of guaranteed or 100% successful delivery. The protocol can be used for management purposes and is used for the most basic file transfers.

        DNS – Domain name system (DNS) is both a protocol and a service. It is able to resolve hostnames from computers and other network clients. Known for its “friendly naming” services, DNS remembers IP addresses so that users don’t have to. Simply typing in a website name will work as opposed to typing in the IP address.

        HTTP(S) – Hypertext Transfer Protocol Secure is much more advantageous over using HTTP since HTTP requests are sent in clear text, which negates any sort of secure communication. With HTTPS, a more secure environment is created as the protocol uses SSL which encrypts the information that is being sent. HTTPS only works if both the server and client support the protocol, which is nearly standard in today’s world. Websites starting with https:// use the HTTPS protocol.

        ARP – ARP is used in order to resolve IP addresses to MAC addresses on the internet layer. ARP uses a cache that is checked first. If an entry is not found in the cache, the protocol then uses a broadcast in order to determine a client’s MAC address. ARP is mostly used as a background service but can be used for troubleshooting purposes as well.

        SIP (VoIP) – Session Initiation Protocol (SIP) works on the application layer and is used for controlling and managing voice and video calls (VoIP) and other multimedia communication sessions. SIP can be used to create, end, and modify two-party and multiparty sessions that involve one or more media streams. Using SIP, modifications such as changing ports and addresses, inviting participants, adding and deleting streams, and other actions can be completed. SIP is often used for video conferencing, file transfers, online games, instant messaging, and streaming multimedia.

        RTP (VoIP) – Real-time Transport Protocol (RTP) is used to define a standardized packet format that is needed in order to deliver video and audio over IP networks (VoIP). RTP is commonly used in entertainment and communication systems that require use of streaming media, such as push-to-talk and video teleconferencing. RTP works in the application layer and is often used with RTCP so that the quality of service can be monitored.

        SSH – Secure Shell (SSH), working in the application layer, allows for the ability to log onto a computer remotely. When the connection is made, a user is able to move files, execute commands, and other actions all in an encrypted and secure environment. SSH usually involves the management of files that are sensitive and confidential. With SSH these files can be moved from server to server between or on networks.

        POP3 – POP3, working at the application layer, is used to store and retrieve emails on a variety of servers. With POP3 users are able to access, read, and download emails from the set mail servers by using a client.

        NTP – Network Time Protocol (NTP) is a protocol used for synchronizing computer clocks over packet-switched, variable-latency data networks. It is used to act against the effects of variable latency.

        IMAP4 – With IMAP4, users are able to store and retrieve email messages from servers. IMAP4 allows users to either read the email on the server or download the email to a client in order to read them. IMAP4 works on the application layer and is very commonly used by those who need to have access to their email from several different locations. Because the email resides on a server, it can be accessed from more than one location.

        Telnet – Working at the application layer, Telnet is used to create a virtual terminal that allows for connection to a managing server. Telnet authenticates in clear text, which makes it highly insecure. Nowadays Telnet is mostly used for creating connections between computers and routers, switches, servers, and others, usually for remote management purposes.

        SMTP – Simple Mail Transfer Protocol (SMTP) is purely used to send mail messages (e-mail) within or between networks. The protocol works in the application layer and with the use of TCP, is able to ensure delivery of mail to remote hosts.

        SNMP2/3 – Simple Network Management Protocol Version 2/3 (SNMP2/3) is a protocol widely used by workstations, printers, racks, servers, switches, and routers as a way to monitor network-attached devices. SNMP versions 2 and 3 are much more cryptographically secure.

        ICMP – The Internet Control Message Protocol (ICMP) is used for functionality reporting and error checking and works at the internet layer. It can be used to provide basic background services that provide information to network administrators. ICMP is also widely used as a part of a ping tool in order to test for proper network connectivity. It is able to send an echo reply when an echo request is sent. It can also send messages such as time exceeded, destination host unreachable, and other error messages that may be given when a ping test fails.

        IGMP – Internet Group Management Protocol (IGMP) is a communications protocol mostly used by adjacent routers and hosts on IP-based networks. IGMP is used to create multicast group memberships and is a part of the IP multicast specification. It is commonly used for gaming and video streaming.

        TLS – Transport Layer Security (TLS) is a cryptographic protocol that provides communications security on the Internet. TLS is used to encrypt the network connections above the transport layer by using symmetric cryptography. TLS allows server and client applications to communicate across a network. These communications are safe from tampering and eavesdropping because a connection will only occur if a flawless handshake is performed. Each client and server must agree on set parameters before a secure connection is created.
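The entries above describe Telnet and HTTP as clear text and SSH and HTTPS as encrypted. The following added example (not part of the original post) applies that to a host: it parses listener output in the layout of the Linux `ss -tuln` command, maps each socket to the default ports listed on this page, and reports clear-text services, ranked by whether they are reachable from the network. The sample output is constructed, and the clear-text classification of FTP, TFTP, POP3 and IMAP4 is this example's own assumption rather than a statement from the post.

```python
import ipaddress

# Default ports listed on this page: (transport, port) -> service.
WELL_KNOWN = {
    ("tcp", 20): "FTP", ("tcp", 21): "FTP", ("tcp", 22): "SSH",
    ("tcp", 23): "Telnet", ("tcp", 25): "SMTP", ("tcp", 53): "DNS",
    ("udp", 53): "DNS", ("udp", 69): "TFTP", ("tcp", 80): "HTTP",
    ("tcp", 110): "POP3", ("tcp", 143): "IMAP4", ("tcp", 443): "HTTPS",
}

# Clear-text services and what to move to. Telnet and HTTP are described
# as clear text on the page; the other entries are this example's assumption.
CLEARTEXT = {
    "Telnet": "SSH (TCP 22)",
    "HTTP": "HTTPS (TCP 443)",
    "FTP": "file transfer over SSH (TCP 22)",
    "TFTP": "file transfer over SSH (TCP 22)",
    "POP3": "a TLS-protected mail retrieval service",
    "IMAP4": "a TLS-protected mail retrieval service",
}

# Constructed sample in the layout printed by `ss -tuln`.
SAMPLE = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp   LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
tcp   LISTEN 0      128          0.0.0.0:23        0.0.0.0:*
tcp   LISTEN 0      100        127.0.0.1:110       0.0.0.0:*
udp   UNCONN 0      0            0.0.0.0:69        0.0.0.0:*
tcp   LISTEN 0      511             [::]:443          [::]:*
tcp   LISTEN 0      511                *:80              *:*
udp   UNCONN 0      0              [::1]:53          [::]:*
"""

def split_endpoint(field):
    """Split 'addr:port', handling [v6]:port, '*' and '%interface'."""
    host, _, port = field.rpartition(":")
    return host.strip("[]").split("%", 1)[0], int(port)

def loopback_only(host):
    """True when the socket is bound to 127.0.0.0/8 or ::1 only."""
    return host != "*" and ipaddress.ip_address(host).is_loopback

def parse_listeners(text):
    """Return (transport, bind address, port) for every socket line."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 5 or parts[0] not in ("tcp", "udp"):
            continue  # header or unrelated line
        host, port = split_endpoint(parts[4])
        rows.append((parts[0], host, port))
    return rows

def audit(text):
    """Report clear-text listeners, network-reachable ones first."""
    findings = []
    for proto, host, port in parse_listeners(text):
        service = WELL_KNOWN.get((proto, port))
        if service in CLEARTEXT:
            findings.append({
                "service": service, "proto": proto, "port": port,
                "bind": host,
                "severity": "low" if loopback_only(host) else "high",
                "replace_with": CLEARTEXT[service],
            })
    return sorted(findings, key=lambda f: (f["severity"] != "high", f["port"]))

if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f"{f['severity']:4} {f['service']:6} {f['proto']}/{f['port']} "
              f"on {f['bind']}: replace with {f['replace_with']}")
```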


Tuesday, May 17, 2011

Prometric Out and Pearson VUE In

Oracle Selects Pearson VUE to Deliver Java, Oracle Solaris, MySQL and Other Former Sun Certification Exams

Effective June 1, 2011, Java, Oracle Solaris, MySQL, and NetBeans certification exams will be offered exclusively through a new test delivery partner — Pearson VUE — and will no longer be available through Prometric. This will consolidate all Oracle Certification exams within the operations of a single testing vendor so we can provide better service and global testing coverage for these Oracle certification exams. Pearson VUE currently has over 5,000 test centers worldwide in 165 countries.

To help prepare you for this transition, here are some important dates for you to be aware of:
  • If you are currently following a certification path and are planning to take an exam on/after June 1: Registration will begin at Pearson VUE on May 16, 2011 for all scheduled exams on or after June 1. Visit pearsonvue.com/oracle on or after May 16 to create a new web account and get started.
  • If you are currently registered to take an exam with Prometric or planning to take an exam before June 1: You can continue to register at Prometric through May 23, 2011 (walk-in registrations will be permitted through May 31, 2011), but you must complete your exam by May 31, 2011.
  • If you currently have a Sun or Oracle exam voucher or exam retake voucher: All vouchers will still be valid through their original expiration date and will be redeemable with Pearson VUE starting on May 16, 2011.
ACTION REQUIRED ON May 16, 2011:
Beginning May 16, 2011 it will be important for you to create a new Pearson VUE account so you can access your certification history and register for new exams after the transition. We will post instructions on how to set up your new account at Pearson VUE and if you have a testing account with Prometric - how to ensure that your old and new accounts are correctly linked.

Additional Information
For more information, view the full announcement and Frequently Asked Questions online at certification.oracle.com.



Thursday, May 12, 2011

Microsoft Price Increase

Official Press Release from Microsoft
Effective July 1, 2011, the retail price of Microsoft Certifications will increase worldwide.* This change reflects the significant value that our certifications provide to our customers and our continual investment in new and enhanced Microsoft Certifications and other program improvements. 

Microsoft recognizes the increased pressures on students and academic institutions during these challenging economic times. Although some of the prices for Microsoft Certification exams for students and academic institutions will increase, the discount will remain significant. Microsoft is dedicated to helping students become more employable for entry jobs in the IT industry. IT Academy members, high school, college, or university students enrolled in a degree or diploma program will continue to receive a discount off the retail price of select Microsoft Certification exams. 


*Price change will be effective in India on August 1, 2011.  

The last time MLG increased prices was about nine years ago, when exams were incrementally increased from $100 to $125. For FAQ on the MS price increase visit Microsoft. 


Tuesday, May 10, 2011

Security+ Exam Objectives 6.6

6.6 Explain the concept of and how to reduce the risks of social engineering.

Social engineering isn’t always used for negative purposes but in the IT world today, social engineering has become a very popular way of gaining personal information and other data. Social engineering is an exploitation of normal human nature and behavior, making it one of the hardest tools to combat. Social engineering works by convincing a user to perform an action, such as clicking a link, which can then gain unauthorized access to personal and confidential information. Social engineering can occur in many different ways, through emails, phone calls, and other methods. Email hoaxes are most commonly used and seen today. No matter the method, the intention of all social engineering attacks is to convince the user (victim) to reveal information that otherwise would not be shared.

Social engineering can grant one access to all sorts of information including names, addresses, contact information, credit card numbers, e-mail addresses, and so on.

Phishing – Phishing attacks are mostly aimed at stealing someone’s identity or credentials. With phishing the attacker is basically “fishing for information,” hence the name. Phishing attacks can take place in various forms and types of communication including emails, phone calls, instant messaging, forums, message boards, and other methods.

Hoaxes – Hoaxes convince a user to complete a certain action that then lowers their IT security. Hoaxes are usually done in the form of emails sent to victims that instruct victims to complete a certain action in order to protect themselves, such as “click this link to download a program to rid your computer of viruses.” Hoaxes are often seen in emails and are popularized through the success of having victims forward the hoax email to friends and relatives. Malicious software linked to a hoax can do all sorts of damage to a computer, including deleting boot files and folders as well as installing registry keys and other types of virus-infected files.


Shoulder surfing – Shoulder surfing doesn’t require direct contact with a victim. Instead the attacker is able to observe the target entering information through the use of a keypad or keyboard. Looking over the victim’s shoulder to watch keystrokes is the easiest method, though some attackers may use cameras, binoculars, and other tools to gain sight of confidential information such as PINs, entry codes, credit card numbers, and other data. Being aware of your surroundings is the best way to combat shoulder surfing.



Dumpster diving – Sifting through dumpsters, trash cans, and other waste receptacles is often considered to be dumpster diving. Dumpster diving, from a computer user’s standpoint, involves an attacker going through specific locations to gather and use information from printouts such as printed emails, documents, spreadsheets, and so on. Dumpster diving can be easily solved through the use of a pre-set discarding plan where documents are shredded, burned, or sent to a company for proper discarding.

User education and awareness training – Combating the effectiveness of social engineering can be hard as the attack technique has become so sophisticated and almost natural. The best way to help fight against social engineering attacks is to educate users and keep them up-to-date on social engineering trends. This means educating users on the importance of only opening emails from solicited users, avoiding clicking unknown links, keeping personal email use to a minimum, avoiding opening spam emails, being aware of their surroundings, and only sharing information with those who need it. Users should know what social engineering is and should be well aware of the tell-tale signs of an attack. Some businesses may opt to undergo social engineering drills where situations are pre-set to see how well users understand the importance of being aware and how much educating them has either helped or not.

Though user education and awareness training is ongoing and advancing, and is definitely a necessary part of the battle against the effectiveness of social engineering and the risks it brings, recent studies have shown that education and training aren't a true cure for social engineering. In fact, these studies showed that employees are still very likely to click on infected links and files from emails. The nature of human curiosity and the convincing tones of most social engineering attacks are what make the method so reliable and effective for those looking to gain personal information and data.

Thursday, May 05, 2011

Security+ Exam Objectives 6.5

6.5 Explain the importance of environmental controls.
Designing, maintaining, and working in a secure and safe location is important for any company and its IT infrastructure. Managing electricity, ensuring the space stays free of dust, smoke, and debris, ensuring that proper conditioning is in place to maintain a suitable room temperature and humidity level, preventing accidents that may be caused by spilled liquids or food, avoiding strong magnetic fields, and other factors must all be taken into consideration. Environmental controls are just as important as proper security implementation. A system can be amazingly secure but if it is housed in an unsafe location, the security of the system does not much matter. A secure system is even safer, more secure, and protected at a location with proper environmental controls.

·   Fire suppression – Where there is electrical equipment, there is always a chance of a fire occurring. Fire suppression is very important to have in place, especially in the server, vault, or communication/data center of your infrastructure. Water and sprinkler systems should never be used as a method for fire suppression when dealing with any type of hardware, as water will ruin the equipment. Nowadays gas-based suppression systems are widely used as they do not cause physical harm to the equipment. However, they may not be ideal for the people working in these locations.

A very common type of equipment used for fire suppression is fire extinguishers. These should be present even if a fixed system is in place. It’s important that fire extinguishers are inspected on an annual basis and replaced as required.

·   HVAC – HVAC management is mostly important for the health and condition of your most important hardware, though all hardware should be kept in mind. HVAC deals with both temperature and humidity levels within a set location. In the server or vault room, the temperature should be kept at or below 70 degrees Fahrenheit. Too high of a temperature can cause hardware to overheat which can cause all sorts of failures and system interruptions. Throughout the entire location humidity levels should stay within the 40-60% range to ensure that the air is not too dry or too moist. Low humidity can cause static electricity to accumulate and high humidity can lead to condensation which can bring harmful moisture to mission critical hardware.

·   Shielding – Shielding deals with the separation needed between network communication cables and power distribution cables. In most environments, these two cable types should be isolated and run in separate conduits. They should be shielded from each other to ensure that magnetic fields often created by power cables do not interfere with the network cables needed for communication purposes.
