Cram Guide & Study Notes
Topic 1: General Security Concepts
Your ability to understand the CIA triangle (Confidentiality, Integrity, and Accessibility) will help you with many exam questions that relate to the triangle only indirectly. Remember that confidentiality refers to the idea that information should remain accessible only to those who are meant to access it; integrity is the concept that information should remain in the form originally intended (i.e. not maliciously changed); accessibility refers to the idea that information should remain accessible (think Denial of Service).
Remember that access control refers to the ability to protect the confidentiality of information by controlling a user's access to that information. Remember the three types of authentication factors:
Accountability refers to the idea that a user should be accountable for actions performed under his/her name. Non-repudiation is the idea that a user should not be able to repudiate (deny) that he/she is responsible for something (for example, a file may claim to have been edited by John, but how do we know John actually edited it?).
Make sure you understand Kerberos. Here is a condensed sequence of events: the client sends login information to the KDC (Key Distribution Center), which verifies the client's credentials and sends a request to the TGS (Ticket Granting Server). The TGS sends a TGT (Ticket Granting Ticket) to the client.
SSO stands for Single Sign-On, the idea that you can sign on to many services through a single username and password system rather than having one for each service.
Make sure you understand and can recognize each of these attacks, as you will be tested on at least two of them on the exam:
Buffer Overflow: Sending a malformed packet that overflows a memory address to deny accessibility and possibly gain privileges (destroying confidentiality/integrity)
Spoofing: Hiding or disguising an address to make it appear that requests come from another source
Topic 2: Communication Security
Remote Access Technologies include PPP (widely used for dial-up TCP/IP access), PPTP (tunneled PPP), RADIUS (UDP-based), and TACACS+ (similar to RADIUS, but TCP-based and Cisco proprietary).
VPN stands for Virtual Private Networking and allows for tunneled remote access.
L2TP operates at the Data-Link layer; IPSec operates at the Network layer and has two protocols: AH and ESP.
Telnet allows remote terminal access in clear text. SSH allows the same access over an encrypted connection.
S/MIME, MOSS, PEM, and PGP are all email security programs. PGP is popular and uses IDEA.
Applets are programs that run in a browser; technologies include C#, VB.Net, Java, and ActiveX.
Cookies simply store information for websites to use (they are not inherently malicious).
S-FTP is FTP over SSL (Transport Layer); TFTP offers no authentication or encryption.
Disk spanning allows a file system to be spread over multiple physical drives.
WTLS is WAP's built-in security system and is based on TLS.
WEP is a weak security system for wireless LANs; WEP operates on Layers 1 and 2 (Physical and Data Link).
Topic 3: Infrastructure Security
Make sure you know some basic networking concepts and hardware:
Hubs forward packets without regard to MAC address. Switches forward packets based on MAC address, so switches are less susceptible to sniffing.
Also, for the Security+ exam, an understanding of the types of firewalls is essential:
Proxy server: A special application-level gateway that ensures there is no direct connection between an untrusted and a trusted network
ACL: The list that defines the rules a packet-filtering firewall follows
Dual-homed gateway: A bastion host and router between the trusted and untrusted networks
Screened host gateway: A bastion host that can examine traffic between the trusted and untrusted networks
Relaying refers to the behavior of SMTP servers that will send a message from any source (should be disabled).
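The ACL a packet-filtering firewall walks through can be modelled in a few lines; the following is an added example (not from the guide), with constructed rules and addresses, showing first-match evaluation and the implicit deny that catches anything no rule permits:

```python
"""Stateless packet-filter ACL evaluator (added example, not from the study
guide). Rules are tried in order, the first match decides, and a packet that
matches no rule is dropped (implicit deny). Addresses and rules are constructed."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str           # "permit" or "deny"
    proto: str            # "tcp", "udp" or "any"
    src: str              # source CIDR, "0.0.0.0/0" for any
    dst: str              # destination CIDR
    dport: Optional[int]  # destination port, None for any port

    def matches(self, proto, src_ip, dst_ip, dport):
        return (self.proto in ("any", proto)
                and ip_address(src_ip) in ip_network(self.src)
                and ip_address(dst_ip) in ip_network(self.dst)
                and self.dport in (None, dport))


# Constructed ACL: only the admin subnet reaches SSH on the bastion host,
# Telnet is refused everywhere, and the web ports are open to all.
ACL = [
    Rule("permit", "tcp", "10.1.0.0/24", "192.0.2.10/32", 22),
    Rule("deny",   "tcp", "0.0.0.0/0",   "192.0.2.0/24",  23),
    Rule("permit", "tcp", "0.0.0.0/0",   "192.0.2.0/24",  80),
    Rule("permit", "tcp", "0.0.0.0/0",   "192.0.2.0/24",  443),
]


def filter_packet(acl, proto, src_ip, dst_ip, dport):
    """Return (action, rule index) of the first matching rule, or
    ("deny", None) when no rule matched: the implicit deny at the end."""
    for i, rule in enumerate(acl):
        if rule.matches(proto, src_ip, dst_ip, dport):
            return rule.action, i
    return "deny", None


if __name__ == "__main__":
    for pkt in [("tcp", "10.1.0.5", "192.0.2.10", 22),       # rule 0 permits
                ("tcp", "198.51.100.7", "192.0.2.10", 22),   # no match: implicit deny
                ("tcp", "198.51.100.7", "192.0.2.10", 443),  # rule 3 permits
                ("udp", "198.51.100.7", "192.0.2.10", 161)]: # no match: implicit deny
        print(pkt, "->", filter_packet(ACL, *pkt))
```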
Topic 4: Basics of Cryptography
The work factor of an algorithm refers to the amount of resources and time it takes for the algorithm to operate.
Public-key (asymmetric) algorithms are more scalable and easier to manage than symmetric (secret-key) algorithms, but they require more overhead and are slower.
End-to-end encryption refers to the idea that packets are encrypted at the source and decrypted at the destination.
Block ciphers encrypt clear text block by block, while stream ciphers encrypt text in real time.
Hashes do not allow for the decryption of cipher text. Think of a hash as a special type of cryptographic "one-way," one-to-one function.
Billy wants to send Sue information. Billy encrypts the information with Sue's public key, which everyone knows.
Sue receives the information Billy sent and decrypts it with her private key, which only Sue knows.
Sue sends Billy information back, encrypting it with his public key.
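The one-way property above does not by itself protect integrity: anyone can recompute a plain MD5 or SHA-1 digest over a modified message, whereas the keyed digest (HMAC) in the algorithms table later in this guide also needs the shared key. The following is an added example (not from the guide) with a constructed key and messages:

```python
"""Unkeyed hash versus keyed digest (HMAC) for integrity checking; an added
example, not from the study guide. Key and messages below are constructed."""
import hashlib
import hmac

KEY = b"constructed-shared-secret"  # known only to sender and receiver


def hash_digest(message: bytes, algo: str = "sha1") -> str:
    """One-way digest: the message cannot be recovered from the output."""
    return hashlib.new(algo, message).hexdigest()


def keyed_digest(key: bytes, message: bytes, algo: str = "sha1") -> str:
    """HMAC: the same hash core, but mixed with a key the verifier must hold."""
    return hmac.new(key, message, algo).hexdigest()


def verify_plain(message: bytes, digest: str) -> bool:
    return hash_digest(message) == digest


def verify_hmac(key: bytes, message: bytes, digest: str) -> bool:
    # compare_digest keeps the comparison time independent of where it differs
    return hmac.compare_digest(keyed_digest(key, message), digest)


def tamper_demo() -> dict:
    """Sender protects a message both ways; an intermediary then alters it.
    The altered message passes the plain-hash check (anyone can recompute a
    hash) but fails the HMAC check, because producing a new HMAC needs KEY."""
    original = b"transfer 100 to account 42"
    altered = b"transfer 900 to account 42"
    plain, mac = hash_digest(original), keyed_digest(KEY, original)
    recomputed_plain = hash_digest(altered)  # no secret needed for this
    return {
        "plain_accepts_altered": verify_plain(altered, recomputed_plain),
        "hmac_accepts_altered": verify_hmac(KEY, altered, mac),
        "hmac_accepts_original": verify_hmac(KEY, original, mac),
        # digest lengths in bits, as in the algorithms table (128 / 160)
        "digest_bits": {"md5": len(hash_digest(original, "md5")) * 4,
                        "sha1": len(plain) * 4},
    }


if __name__ == "__main__":
    for name, result in tamper_demo().items():
        print(name, "->", result)
```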
Topic 5: Organizational Security
Use common sense! We won't go over all of the silly details regarding how CompTIA feels about the use of attack dogs to monitor physical security. However, we will note some important ideas about protection from fire:
Business Continuity Planning refers to continuing normal day-to-day operations after a disaster.
A UPS (Uninterruptible Power Supply) is a battery that stores power for temporary use in the case of a power outage. The point of the UPS is to prevent system failure and provide continuity.
Electrical noise refers to electrical interference from other electronic devices on the operation of an electronic device.
Fault tolerance refers to the ability of a system to withstand multiple points of failure.
Differential: Only the data changed since the last full backup is backed up.
Incremental: Only the data changed since the last full or differential backup is backed up.
The greatest amount of time that a system can withstand being non-operational is called the MTD or maximum tolerable downtime.
Risk analysis is the practice of assessing which threats are relevant and pressing.
Information should always be given on a "need-to-know" basis, meaning that a user should only know what he or she absolutely needs to know.
Separation of Duties refers to the idea that multiple individuals should be responsible for the operation of a system.
Topic 6: Tables & Charts
Cryptographic Algorithms and Protocols

| Name           | Type          | Algorithm              | Size                                      | Strength    | Replaced By  |
|----------------|---------------|------------------------|-------------------------------------------|-------------|--------------|
| DES            | Symmetric     | Block cipher           | 64 bit (56 + 8 parity)                    | Very weak   | 3DES         |
| 3DES           | Symmetric     | Block cipher           | 192 bit (168 bit + 24 parity)             | Moderate    | AES          |
| AES            | Symmetric     | Rijndael block cipher  | Variable (128, 192, 256)                  | Strong      | N/A          |
| RC5            | Symmetric     | RSA block mode cipher  | Variable (up to 2048)                     | Very Strong | N/A          |
| RSA            | Asymmetric    | Key transport          | 512                                       | Strong      | N/A          |
| Diffie-Hellman | Asymmetric    | Key exchange           | N/A                                       | Moderate    | N/A          |
| El Gamal       | Asymmetric    | Key exchange           |                                           | Very Strong | N/A          |
| MD5            | Hash (Digest) | Rivest MD5 block hash  | 512 bit block processing / 128 bit digest | Strong      | MD6, et al.  |
| SHA-1          | Hash          | Rivest SHA hash        | 512-bit processing / 160 bit digest       | Very Strong | N/A          |
| HMAC           | Hash          | Keyed digest           | Variable                                  | Very Strong | N/A          |
Fire Suppression Technology

| Fire Class | Fuel                        | Suppression Tech                 |
|------------|-----------------------------|----------------------------------|
| A          | Common organic combustibles | Water                            |
| B          | Fuels                       | Carbon dioxide, soda acid, Halon |
| C          | Electrical fires            | Carbon dioxide, Halon            |
| D          | Chemical                    | Halon, specialized agents        |
Remote Access Technologies

| Name    | Type | Features                      | Protocol | Replaced By |
|---------|------|-------------------------------|----------|-------------|
| PPP     | RAS  | PAP, CHAP, EAP                | TCP/IP   | N/A         |
| RADIUS  | RAS  | PAP, CHAP                     | UDP      | N/A         |
| TACACS  | RAS  | PAP, CHAP                     | UDP      | TACACS+     |
| TACACS+ | RAS  | Many                          | TCP      | N/A         |
| PPTP    | VPN  | PPP tunneling, PAP, CHAP, EAP | Layer 2  | L2F, L2TP   |
| L2F     | VPN  | Cisco based                   | Layer 2  | N/A         |
| L2TP    | VPN  | Combines PPTP and Cisco       | Layer 2  | N/A         |
| IPSec   | VPN  | Transport / Tunnel mode       | Layer 3  | N/A         |
Common Ports

| Protocol/Service                   | Port number     |
|------------------------------------|-----------------|
| DHCP/BootP                         | 67/68           |
| DNS                                | 953/53          |
| SSH                                | 22              |
| Telnet                             | 23              |
| SMTP                               | 25              |
| TACACS+                            | 49              |
| TFTP                               | 69              |
| Yahoo Messenger file transfers     | 80              |
| Kerberos                           | 88              |
| POP3                               | 110             |
| NNTP                               | 119             |
| IMAP                               | 143             |
| SNMP                               | 161, 162        |
| LDAP                               | 389             |
| Windows Directory Services         | 445             |
| ISAKMP                             | 500             |
| NetBIOS                            | 139, 445        |
| HTTP returned                      | 1024            |
| Back Orifice                       | 1056            |
| Oracle                             | 1521, 22, 25, 29 |
| L2TP                               | 1701            |
| PPTP                               | 1723            |
| Windows Messenger messages         | 1863            |
| SQL Server                         | 1433, 1434      |
| ICQ messages                       | 3570            |
| SIP                                | 5060            |
| AOL file transfer                  | 5190            |
| ICQ voice and video traffic        | 6701            |
| Windows Messenger file transfers   | 6891            |
| Windows Messenger voice and video  | 11324, 13325    |
802.11
In 1997, the Institute of Electrical and Electronics Engineers (IEEE) created the first WLAN standard. They called it 802.11 after the name of
the group formed to oversee its development. Unfortunately, 802.11 only supported a maximum network bandwidth of 2 Mbps - too slow for
most applications. For this reason, ordinary 802.11 wireless products are no longer manufactured.
802.11b
IEEE expanded on the original 802.11 standard in July 1999, creating the 802.11b specification. 802.11b supports bandwidth up to 11 Mbps,
comparable to traditional Ethernet.
802.11b uses the same unregulated radio signaling frequency (2.4 GHz) as the original 802.11 standard. Vendors often prefer using these
frequencies to lower their production costs. Being unregulated, 802.11b gear can incur interference from microwave ovens, cordless phones,
and other appliances using the same 2.4 GHz range. However, by installing 802.11b gear a reasonable distance from other appliances,
interference can easily be avoided.
Pros of 802.11b - lowest cost; signal range is good and not easily obstructed
Cons of 802.11b - slowest maximum speed; home appliances may interfere on the unregulated frequency band
802.11a
While 802.11b was in development, IEEE created a second extension to the original 802.11 standard called 802.11a. Because 802.11b gained
in popularity much faster than did 802.11a, some folks believe that 802.11a was created after 802.11b. In fact, 802.11a was created at the
same time. Due to its higher cost, 802.11a is usually found on business networks whereas 802.11b better serves the home market.
802.11a supports bandwidth up to 54 Mbps and signals in a regulated frequency spectrum around 5 GHz. This higher frequency compared to
802.11b shortens the range of 802.11a networks. The higher frequency also means 802.11a signals have more difficulty penetrating walls
and other obstructions.
Because 802.11a and 802.11b utilize different frequencies, the two technologies are incompatible with each other. Some vendors offer hybrid
802.11a/b network gear, but these products merely implement the two standards side by side (each connected device must use one or the
other).
Pros of 802.11a - fast maximum speed; regulated frequencies prevent signal interference from other devices
Cons of 802.11a - highest cost; shorter range signal that is more easily obstructed
802.11g
In 2002 and 2003, WLAN products supporting a newer standard called 802.11g emerged on the market. 802.11g attempts to combine the
best of both 802.11a and 802.11b. 802.11g supports bandwidth up to 54 Mbps, and it uses the 2.4 GHz frequency for greater range. 802.11g
is backwards compatible with 802.11b, meaning that 802.11g access points will work with 802.11b wireless network adapters and vice versa.
Pros of 802.11g - fast maximum speed; signal range is good and not easily obstructed
Cons of 802.11g - costs more than 802.11b; appliances may interfere on the unregulated signal frequency
802.11n
The newest IEEE standard in the Wi-Fi category is 802.11n. It was designed to improve on 802.11g in the amount of bandwidth supported by
utilizing multiple wireless signals and antennas (called MIMO technology) instead of one.
When this standard is finalized, 802.11n connections should support data rates of over 100 Mbps. 802.11n also offers somewhat better range
over earlier Wi-Fi standards due to its increased signal intensity. 802.11n equipment will be backward compatible with 802.11g gear.
Pros of 802.11n - fastest maximum speed and best signal range; more resistant to signal interference from outside sources
Cons of 802.11n - standard is not yet finalized; costs more than 802.11g; the use of multiple signals may greatly interfere with nearby
802.11b/g based networks.
Security Types available for 802.11 (data protection technology and description)
WEP: Wired Equivalent Privacy, the original security standard for wireless LANs, easily exploited by software that can break the encryption after capturing traffic and recognizing encryption patterns.
802.1X: 802.1X is the IEEE standard for wired and wireless LAN access control. It provides a means of authenticating and authorizing devices attached to a LAN. 802.1X defines the Extensible Authentication Protocol (EAP). EAP uses a central authentication server to authenticate each network user. EAP also has some vulnerabilities.
LEAP: Lightweight Extensible Authentication Protocol (LEAP), developed by Cisco, is based on the 802.1X authentication framework but addresses several weaknesses using dynamic WEP and sophisticated key management. LEAP also adds MAC address authentication.
PEAP: Protected Extensible Authentication Protocol (PEAP) provides secure transport of authentication data, including passwords and encryption keys. With PEAP, wireless clients can be authenticated without certificates, simplifying the secure wireless LAN architecture.
WPA: Wi-Fi Protected Access (WPA) is a subset of the 802.11i security standard and is expected to replace WEP. WPA combines Temporal Key Integrity Protocol (TKIP) and 802.1X for dynamic key encryption and mutual authentication.
TKIP: Temporal Key Integrity Protocol (TKIP) is part of the IEEE 802.11i encryption standard. TKIP provides per-packet key mixing, a message integrity check, and a re-keying mechanism, fixing the flaws of WEP.
WPA2: WPA2 is second-generation WPA, providing Wi-Fi users a high level of assurance that only authorized users can access their wireless networks. WPA2 is based on the final IEEE 802.11i amendment to the 802.11 standard.
802.11 Standards Compared

| Standard | IEEE Ratified | Frequency | Non-overlapping Channels | Baseline Bandwidth Per Channel | Number of Spatial Streams | Max Bandwidth Per Channel |
|----------|---------------|-----------|--------------------------|--------------------------------|---------------------------|---------------------------|
| 802.11b  | 1999          | 2.4GHz    |                          | 11Mbps                         |                           | 11Mbps                    |
| 802.11g  | 2001          | 2.4GHz    |                          | 54Mbps                         |                           | 54Mbps                    |
| 802.11a  | 1999          | 5GHz      | 12                       | 54Mbps                         |                           | 54Mbps                    |
| 802.11n  | 2008          | 2.4GHz    |                          | 65Mbps                         | 2, 3* or 4*               | 130Mbps                   |
| 802.11n  | 2008          | 5GHz      | 12                       | 65Mbps                         | 2, 3* or 4*               | 270Mbps                   |
An IPv4 packet is made up of headers and data. The header has 13 fields.

| Bit offset  | Fields (bit positions within the 32-bit word)                                            |
|-------------|------------------------------------------------------------------------------------------|
| 0           | Version (0-3), Header length (4-7), Differentiated Services (8-15), Total Length (16-31) |
| 32          | Identification (0-15), Flags (16-18), Fragment Offset (19-31)                            |
| 64          | Time to Live (0-7), Protocol (8-15), Header Checksum (16-31)                             |
| 96          | Source Address                                                                           |
| 128         | Destination Address                                                                      |
| 160         | Options                                                                                  |
| 160 or 192+ | Data                                                                                     |
IPv6 packets are created slightly differently from IPv4.

| Octet offset (hex) | Bit offset    | Fields (bit positions 0-31 within the 32-bit word)            |
|--------------------|---------------|---------------------------------------------------------------|
| 0                  | 0             | Version (0-3), Traffic Class (4-11), Flow Label (12-31)       |
| 4                  | 32            | Payload Length (0-15), Next Header (16-23), Hop Limit (24-31) |
| 8, C, 10, 14       | 64 to 160     | Source Address (128 bits)                                     |
| 18, 1C, 20, 24     | 192 to 288    | Destination Address (128 bits)                                |
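To make the two header layouts concrete, here is an added example (not from the guide) that parses a packet by its version nibble: it unpacks the IPv4 fields and verifies the Header Checksum, and unpacks the fixed IPv6 header. The sample packets it builds are constructed, with documentation addresses.

```python
"""Parse an IP header by its version nibble (added example, not from the
study guide): the IPv4 fields from the table above, with Header Checksum
verification, and the fixed IPv6 header. Sample packets are constructed."""
import socket
import struct

def ipv4_checksum(header: bytes) -> int:
    """Ones'-complement sum of the header's 16-bit words; 0 for a valid header."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:  # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def parse_ip_header(pkt: bytes) -> dict:
    version = pkt[0] >> 4
    if version == 4:
        ver_ihl, ds, tot, ident, ff, ttl, proto, csum = struct.unpack("!BBHHHBBH", pkt[:12])
        ihl = (ver_ihl & 0x0F) * 4  # Header length field counts 32-bit words
        return {"version": 4, "header_length": ihl, "diff_services": ds,
                "total_length": tot, "identification": ident,
                "flags": ff >> 13, "fragment_offset": ff & 0x1FFF,
                "ttl": ttl, "protocol": proto, "checksum": csum,
                "checksum_ok": ipv4_checksum(pkt[:ihl]) == 0,
                "src": socket.inet_ntoa(pkt[12:16]),
                "dst": socket.inet_ntoa(pkt[16:20]), "options": pkt[20:ihl]}
    if version == 6:
        vtf, plen, nxt, hlim = struct.unpack("!IHBB", pkt[:8])
        return {"version": 6, "traffic_class": (vtf >> 20) & 0xFF,
                "flow_label": vtf & 0xFFFFF, "payload_length": plen,
                "next_header": nxt, "hop_limit": hlim,
                "src": socket.inet_ntop(socket.AF_INET6, pkt[8:24]),
                "dst": socket.inet_ntop(socket.AF_INET6, pkt[24:40])}
    raise ValueError("unknown IP version %d" % version)

def build_ipv4_header(src, dst, proto=6, ttl=64, payload_len=0):
    """Constructed 20-byte header (no options) with a correct checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0x1234,
                      0x4000, ttl, proto, 0,  # 0x4000 = DF flag, offset 0
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]

def sample_packets():
    """Constructed IPv4 and IPv6 headers used in the demonstration."""
    v4 = build_ipv4_header("192.0.2.1", "198.51.100.2", payload_len=20)
    v6 = struct.pack("!IHBB16s16s", (6 << 28) | 0xABCDE, 40, 17, 64,
                     socket.inet_pton(socket.AF_INET6, "2001:db8::1"),
                     socket.inet_pton(socket.AF_INET6, "2001:db8::2"))
    return v4, v6
```

Flipping any header byte (for example the TTL) makes `checksum_ok` false, which is how a receiver detects a damaged or altered header before trusting the other fields.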