Entries from January 2010

Security+ Objective 1.1 – Differentiate among various systems security threats – Worms

• Worms
A worm is not the same as a virus. It is a form of malware, and there are specific characteristics of a worm that set it apart from other malware. Here’s what you need to know:

  • A worm reproduces by replicating itself across a network
  • A worm needs no human action to spread itself
  • A worm doesn’t need to attach to a program or executable

Worms sometimes deliver damaging malware as a payload. A worm may or may not carry out any other function, but spreading alone is damaging to a network because of the bandwidth it consumes.
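As an added example (not part of the original post), here is what that network-only spread looks like from the defender's side: a small Python check over constructed flow records that flags a host contacting an unusually large number of distinct peers on one port within a short window. The record layout, the sample addresses and the thresholds are assumptions, not values from the post.

```python
"""Added example: spotting worm-like spread in network flow records.

A worm spreads with no user action, so on the wire it looks like one host
contacting many distinct peers on the same service port in a short time
(the fan-out that also eats the bandwidth mentioned above).  The flow
records below are constructed sample data; the window and peer thresholds
are assumptions.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    ts: int        # seconds since start of capture (constructed)
    src: str
    dst: str
    dport: int


# Constructed sample: 10.0.0.5 fans out to 40 hosts on port 445 within
# 40 seconds; 10.0.0.9 is an ordinary client talking to a few servers.
SAMPLE_FLOWS = [
    Flow(t, "10.0.0.5", f"10.0.1.{n}", 445) for t, n in enumerate(range(1, 41))
] + [
    Flow(5, "10.0.0.9", "10.0.2.10", 443),
    Flow(8, "10.0.0.9", "10.0.2.11", 443),
    Flow(20, "10.0.0.9", "10.0.2.10", 443),
    Flow(30, "10.0.0.9", "10.0.2.12", 25),
]


def fanout_suspects(flows, window=60, min_peers=20):
    """Return {src: (dport, peer_count)} for sources that reached at least
    `min_peers` distinct destinations on one port inside some sliding
    `window`-second interval.  Repeat flows to the same peer do not count,
    so a busy client hitting one server is not mistaken for a worm."""
    groups = defaultdict(list)            # (src, dport) -> [(ts, dst), ...]
    for f in flows:
        groups[(f.src, f.dport)].append((f.ts, f.dst))
    suspects = {}
    for (src, dport), events in groups.items():
        events.sort()
        left = 0
        peers = defaultdict(int)          # dst -> flows currently in window
        for ts, dst in events:
            peers[dst] += 1
            # Slide the left edge forward until the window holds only
            # events within `window` seconds of the current one.
            while ts - events[left][0] > window:
                old_dst = events[left][1]
                peers[old_dst] -= 1
                if peers[old_dst] == 0:
                    del peers[old_dst]
                left += 1
            if len(peers) >= min_peers:
                prev = suspects.get(src)
                if prev is None or len(peers) > prev[1]:
                    suspects[src] = (dport, len(peers))
    return suspects


if __name__ == "__main__":
    for src, (dport, n) in fanout_suspects(SAMPLE_FLOWS).items():
        print(f"{src}: {n} distinct peers on port {dport} within 60s")
```

Real flow exporters (NetFlow, sFlow, firewall logs) need only be mapped onto the four fields above; the thresholds should be tuned against a baseline of the network's normal fan-out.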

Just to be clear: spyware, worms, trojan horses, and other malware all have their own characteristics that set them apart.  Keep reading all the posts to make sure you know the differences.

Go back to the Exam Objectives list

Security+ Objective 1.1 – Differentiate among various systems security threats – Virus

• Virus
The term “virus” is used pretty loosely for any malicious software (malware) these days. DON’T use it loosely on the exam. There are specific characteristics of a virus that set it apart from other malware. Here’s what you need to know:

  • A virus reproduces by copying itself to “infect” its target
  • A virus doesn’t spread without human action
  • A virus is associated with an executable file of some sort

Just to be clear: spyware, worms, trojan horses, and other malware all have their own characteristics that set them apart.  Keep reading all the posts to make sure you know the differences.

Go back to the Exam Objectives list

Security+ Objective 1.1 – Differentiate among various systems security threats – Privilege escalation

• Privilege escalation
A privilege is the authority, right, or permission to perform certain activities. Escalation is raising something to another level (like the escalator at the mall). Put them together and you get someone who has some privilege on a system and has somehow raised it to a higher level. An example would be a bad guy who hacked a normal account but really wants to get into the administrator account.

A real world example: When I was working in a computer repair shop, we were not allowed to issue refunds or void transactions. We always had to go to the owner of the shop for those kinds of activities. The owner was ALWAYS busy or gone and the customers who were asking for their money back were usually not in the mood to be patient. One day a co-worker was watching as the owner accidentally typed their password into the username box. They quickly backspaced it off the screen but it was too late. The next day, this co-worker said, “From now on, if you ever need to give a refund or void a transaction, just let me know and I can take care of it.” He had logged on as the owner and escalated his privileges in the system. Needless to say, he didn’t last too long after that.

So, privilege escalation is any case of an existing privilege being abused to gain another, higher one. If you know that definition you shouldn’t have a problem answering any questions on the exam related to privilege escalation.
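As an added example (not part of the original post), here is how the repair-shop story would show up in logon records, written in Python over constructed events. It looks for the two warning signs a defender would want flagged: a failed logon whose "user name" matches no account followed shortly by a privileged logon from the same terminal (a password typed into the user-name box, now sitting in plain text in the failed-logon record), and a privileged account logging on from a terminal it is not assigned to. The event fields, the account table and the 120-second pairing window are assumptions.

```python
"""Added example: auditing logon events for the two warning signs in the
repair-shop story above.  Events and accounts are constructed sample data;
field names and the pairing window are assumptions.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class LogonEvent:
    ts: int            # seconds (constructed)
    terminal: str
    user: str          # what was typed into the user-name box
    success: bool


# Known accounts -> terminals each is expected to use (constructed).
ACCOUNTS = {
    "owner": {"office-pc"},
    "tech1": {"counter-1", "counter-2"},
    "tech2": {"counter-1", "counter-2"},
}
PRIVILEGED = {"owner"}

SAMPLE_EVENTS = [
    LogonEvent(100, "counter-1", "tech1", True),
    # Constructed: the owner's password lands in the user-name box.
    LogonEvent(200, "office-pc", "not-a-user-name", False),
    LogonEvent(204, "office-pc", "owner", True),
    LogonEvent(300, "counter-2", "tech2", False),     # ordinary typo
    LogonEvent(305, "counter-2", "tech2", True),
    # Next day: the owner's account used from a counter terminal.
    LogonEvent(90000, "counter-2", "owner", True),
]


def audit_logons(events, accounts=ACCOUNTS, privileged=PRIVILEGED, window=120):
    """Return (kind, ts, terminal, account) findings in time order.

    kind is "credential-exposed" (unknown user name failed, then a
    privileged success on the same terminal within `window` seconds) or
    "unexpected-terminal" (privileged success from an unassigned terminal).
    """
    events = sorted(events, key=lambda e: e.ts)
    findings = []
    for i, e in enumerate(events):
        if not e.success and e.user not in accounts:
            for later in events[i + 1:]:
                if later.ts - e.ts > window:
                    break
                if (later.success and later.terminal == e.terminal
                        and later.user in privileged):
                    # Report the failed event's time, never the string that
                    # was typed: it may be the password itself.
                    findings.append(("credential-exposed", e.ts,
                                     e.terminal, later.user))
                    break
        elif (e.success and e.user in privileged
              and e.terminal not in accounts.get(e.user, set())):
            findings.append(("unexpected-terminal", e.ts, e.terminal, e.user))
    return findings


if __name__ == "__main__":
    for kind, ts, terminal, account in audit_logons(SAMPLE_EVENTS):
        print(f"t={ts:>6} {terminal:<10} {account:<6} {kind}")
```

The first finding should trigger a password change for the affected account and scrubbing of the failed-logon record; the second is the pattern to review against a list of who is allowed to use which terminal.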

Go back to the Exam Objectives list

CompTIA Security+ Exam Objectives

SY0-201 is the official exam number for Security Plus. I would highly recommend that you download these objectives from CompTIA directly at http://www.comptia.org/certifications/testprep/examobjectives.aspx. I will post them here as a reference for the next series of posts. I am going to go through each objective one by one and explain, in just the right amount of detail, what you need to know to pass the Security+ exam. CompTIA reserves the right to change these objectives at any time. CompTIA also states that the objectives list is not exhaustive, so you can’t complain if you get a test question that isn’t covered on the list. I’ve found the list to be more than adequate as I have studied for any CompTIA certification test. As of the date of this article, here are the official exam objectives:

CompTIA Security+ (2008 Edition) Exam Objectives

Copyright 2008 by the Computing Technology Industry Association. All rights reserved.
The CompTIA Security+ (2008 Edition) Exam Objectives are subject to change without notice.

Domain % of Examination
1.0 Systems Security 21%
2.0 Network Infrastructure 20%
3.0 Access Control 17%
4.0 Assessments & Audits 15%
5.0 Cryptography 15%
6.0 Organizational Security 12%
Total 100%

1.0 Systems Security

1.1 Differentiate among various systems security threats.
• Privilege escalation
• Virus
• Worm
• Trojan
• Spyware
• Spam
• Adware
• Rootkits
• Botnets
• Logic bomb
1.2 Explain the security risks pertaining to system hardware and peripherals.
• BIOS
• USB devices
• Cell phones
• Removable storage
• Network attached storage
1.3 Implement OS hardening practices and procedures to achieve workstation and server security.
• Hotfixes
• Service packs
• Patches
• Patch management
• Group policies
• Security templates
• Configuration baselines
1.4 Carry out the appropriate procedures to establish application security.
• ActiveX
• Java
• Scripting
• Browser
• Buffer overflows
• Cookies
• SMTP open relays
• Instant messaging
• P2P
• Input validation
• Cross-site scripting (XSS)
1.5 Implement security applications.
• HIDS
• Personal software firewalls
• Antivirus
• Anti-spam
• Popup blockers
1.6 Explain the purpose and application of virtualization technology.

2.0 Network Infrastructure

2.1 Differentiate between the different ports & protocols, their respective threats and mitigation techniques.
• Antiquated protocols
• TCP/IP hijacking
• Null sessions
• Spoofing
• Man-in-the-middle
• Replay
• DOS
• DDOS
• Domain Name Kiting
• DNS poisoning
• ARP poisoning
2.2 Distinguish between network design elements and components.
• DMZ
• VLAN
• NAT
• Network interconnections
• NAC
• Subnetting
• Telephony
2.3 Determine the appropriate use of network security tools to facilitate network security.
• NIDS
• NIPS
• Firewalls
• Proxy servers
• Honeypot
• Internet content filters
• Protocol analyzers
2.4 Apply the appropriate network tools to facilitate network security.
• NIDS
• Firewalls
• Proxy servers
• Internet content filters
• Protocol analyzers
2.5 Explain the vulnerabilities and mitigations associated with network devices.
• Privilege escalation
• Weak passwords
• Back doors
• Default accounts
• DOS
2.6 Explain the vulnerabilities and mitigations associated with various transmission media.
• Vampire taps
2.7 Explain the vulnerabilities and implement mitigations associated with wireless networking.
• Data emanation
• War driving
• SSID broadcast
• Blue jacking
• Bluesnarfing
• Rogue access points
• Weak encryption

3.0 Access Control

3.1 Identify and apply industry best practices for access control methods.
• Implicit deny
• Least privilege
• Separation of duties
• Job rotation
3.2 Explain common access control models and the differences between each.
• MAC
• DAC
• Role & Rule based access control
3.3 Organize users and computers into appropriate security groups and roles while distinguishing between appropriate rights and privileges.
3.4 Apply appropriate security controls to file and print resources.
3.5 Compare and implement logical access control methods.
• ACL
• Group policies
• Password policy
• Domain password policy
• User names and passwords
• Time of day restrictions
• Account expiration
• Logical tokens
3.6 Summarize the various authentication models and identify the components of each.
• One, two and three-factor authentication
• Single sign-on
3.7 Deploy various authentication models and identify the components of each.
• Biometric reader
• RADIUS
• RAS
• LDAP
• Remote access policies
• Remote authentication
• VPN
• Kerberos
• CHAP
• PAP
• Mutual
• 802.1x
• TACACS
3.8 Explain the difference between identification and authentication (identity proofing).
3.9 Explain and apply physical access security methods.
• Physical access logs/lists
• Hardware locks
• Physical access control – ID badges
• Door access systems
• Man-trap
• Physical tokens
• Video surveillance – camera types and positioning

4.0 Assessments & Audits

4.1 Conduct risk assessments and implement risk mitigation.
4.2 Carry out vulnerability assessments using common tools.
• Port scanners
• Vulnerability scanners
• Protocol analyzers
• OVAL
• Password crackers
• Network mappers
4.3 Within the realm of vulnerability assessments, explain the proper use of penetration testing versus vulnerability scanning.
4.4 Use monitoring tools on systems and networks and detect security-related anomalies.
• Performance monitor
• Systems monitor
• Performance baseline
• Protocol analyzers
4.5 Compare and contrast various types of monitoring methodologies.
• Behavior-based
• Signature-based
• Anomaly-based
4.6 Execute proper logging procedures and evaluate the results.
• Security application
• DNS
• System
• Performance
• Access
• Firewall
• Antivirus
4.7 Conduct periodic audits of system security settings.
• User access and rights review
• Storage and retention policies
• Group policies

5.0 Cryptography

5.1 Explain general cryptography concepts.
• Key management
• Steganography
• Symmetric key
• Asymmetric key
• Confidentiality
• Integrity and availability
• Non-repudiation
• Comparative strength of algorithms
• Digital signatures
• Whole disk encryption
• Trusted Platform Module (TPM)
• Single vs. Dual sided certificates
• Use of proven technologies
5.2 Explain basic hashing concepts and map various algorithms to appropriate applications.
• SHA
• MD5
• LANMAN
• NTLM
5.3 Explain basic encryption concepts and map various algorithms to appropriate applications.
• DES
• 3DES
• RSA
• PGP
• Elliptic curve
• AES
• AES256
• One time pad
• Transmission encryption (WEP TKIP, etc)
5.4 Explain and implement protocols.
• SSL/TLS
• S/MIME
• PPTP
• HTTP vs. HTTPS vs. SHTTP
• L2TP
• IPSEC
• SSH
5.5 Explain core concepts of public key cryptography.
• Public Key Infrastructure (PKI)
• Recovery agent
• Public key
• Private keys
• Certificate Authority (CA)
• Registration
• Key escrow
• Certificate Revocation List (CRL)
• Trust models
5.6 Implement PKI and certificate management.
• Public Key Infrastructure (PKI)
• Recovery agent
• Public key
• Private keys
• Certificate Authority (CA)
• Registration
• Key escrow
• Certificate Revocation List (CRL)

6.0 Organizational Security

6.1 Explain redundancy planning and its components.
• Hot site
• Cold site
• Warm site
• Backup generator
• Single point of failure
• RAID
• Spare parts
• Redundant servers
• Redundant ISP
• UPS
• Redundant connections
6.2 Implement disaster recovery procedures.
• Planning
• Disaster recovery exercises
• Backup techniques and practices – storage
• Schemes
• Restoration
6.3 Differentiate between and execute appropriate incident response procedures.
• Forensics
• Chain of custody
• First responders
• Damage and loss control
• Reporting – disclosure of
6.4 Identify and explain applicable legislation and organizational policies.
• Secure disposal of computers
• Acceptable use policies
• Password complexity
• Change management
• Classification of information
• Mandatory vacations
• Personally Identifiable Information (PII)
• Due care
• Due diligence
• Due process
• SLA
• Security-related HR policy
• User education and awareness training
6.5 Explain the importance of environmental controls.
• Fire suppression
• HVAC
• Shielding
6.6 Explain the concept of and how to reduce the risks of social engineering.
• Phishing
• Hoaxes
• Shoulder surfing
• Dumpster diving
• User education and awareness training

SECURITY+ ACRONYMS

3DES – Triple Digital Encryption Standard
ACL – Access Control List
AES – Advanced Encryption Standard
AES256 – Advanced Encryption Standards 256bit
AH – Authentication Header
ALE – Annualized Loss Expectancy
ARO – Annualized Rate of Occurrence
ARP – Address Resolution Protocol
AUP – Acceptable Use Policy
BIOS – Basic Input / Output System
BOTS – Network Robots
CA – Certificate Authority
CAN – Controller Area Network
CCTV – Closed-circuit television
CHAP – Challenge Handshake Authentication Protocol
CRL – Certification Revocation List
DAC – Discretionary Access Control
DDOS – Distributed Denial of Service
DES – Digital Encryption Standard
DHCP – Dynamic Host Configuration Protocol
DLL – Dynamic Link Library
DMZ – Demilitarized Zone
DNS – Domain Name Service (Server)
DOS – Denial of Service
EAP – Extensible Authentication Protocol
ECC – Elliptic Curve Cryptography
FTP – File Transfer Protocol
GRE – Generic Routing Encapsulation
HIDS – Host Based Intrusion Detection System
HIPS – Host Based Intrusion Prevention System
HTTP – Hypertext Transfer Protocol
HTTPS – Hypertext Transfer Protocol over SSL
HVAC – Heating, Ventilation Air Conditioning
ICMP – Internet Control Message Protocol
ID – Identification
IM – Instant messaging
IMAP4 – Internet Message Access Protocol v4
IP – Internet Protocol
IPSEC – Internet Protocol Security
IRC – Internet Relay Chat
ISP – Internet Service Provider
KDC – Key Distribution Center
L2TP – Layer 2 Tunneling Protocol
LANMAN – Local Area Network Manager
LDAP – Lightweight Directory Access Protocol
MAC – Mandatory Access Control / Media Access Control
MAC – Message Authentication Code
MAN – Metropolitan Area Network
MD5 – Message Digest 5
MSCHAP – Microsoft Challenge Handshake Authentication Protocol
MTU – Maximum Transmission Unit
NAC – Network Access Control
NAT – Network Address Translation
NIDS – Network Based Intrusion Detection System
NIPS – Network Based Intrusion Prevention System
NOS – Network Operating System
NTFS – New Technology File System
NTLM – New Technology LANMAN
NTP – Network Time Protocol
OS – Operating System
OVAL – Open Vulnerability Assessment Language
PAP – Password Authentication Protocol
PAT – Port Address Translation
PBX – Private Branch Exchange
PGP – Pretty Good Privacy
PII – Personally Identifiable Information
PKI – Public Key Infrastructure
PPP – Point-to-point Protocol
PPTP – Point to Point Tunneling Protocol
RAD – Rapid application development
RADIUS – Remote Authentication Dial-in User Server
RAID – Redundant Array of Inexpensive Disks
RAS – Remote Access Server
RBAC – Role Based Access Control
RBAC – Rule Based Access Control
RSA – Rivest, Shamir, & Adleman
S/MIME – Secure / Multipurpose internet Mail Extensions
SCSI – Small Computer System Interface
SHA – Secure Hashing Algorithm
SHTTP – Secure Hypertext Transfer Protocol
SLA – Service Level Agreement
SLE – Single Loss Expectancy
SMTP – Simple Mail Transfer Protocol
SNMP – Simple Network Management Protocol
SPIM – Spam over Internet Messaging
SSH – Secure Shell
SSL – Secure Sockets Layer
SSO – Single Sign On
STP – Shielded Twisted Pair
TACACS – Terminal Access Controller Access Control System
TCP/IP – Transmission Control Protocol / Internet Protocol
TKIP – Temporal Key Integrity Protocol
TKIP – Temporal Key Interchange Protocol
TLS – Transport Layer Security
TPM – Trusted Platform Module
UPS – Uninterruptable Power Supply
URL – Universal Resource Locator
USB – Universal Serial Bus
UTP – Unshielded Twisted Pair
VLAN – Virtual Local Area Network
VoIP – Voice over IP
VPN – Virtual Private Network
WEP – Wired Equivalent Privacy
WPA – Wi-Fi Protected Access

How to study for your CompTIA Security+ Certification Exam

I have taken many certification exams in my day and have refined my study techniques. From the moment I decide to get a particular certification to the time I actually sit to take the exam is much shorter now than it was when I first started taking exams. I don’t claim that everyone learns or works the same, but I know that these tips can really help most people. I have been teaching people how to do this for many years, and now that I have started LearnSwell, I will share them with you.

Don’t read the whole book!

No matter what test you are studying for there is a book for it.  Don’t read the book!  At least not cover to cover.  There is almost always information in the book that you already know.  There is also information in the book that is not exam specific information.  So, if you read the book cover to cover, you are spending hours studying things you already know and things that are not going to help you answer questions.  If you are reading to improve your overall knowledge, go ahead and take the time to read it all.  If you just want to pass a test, just read the important stuff.

How do I know what parts to read?

If you knew what the questions were on the exam, you could just make sure you know that stuff and ignore the rest.  So there are a couple ways that you can get an idea of what that stuff is.

Get the Security+ exam objectives from CompTIA

CompTIA publishes them. If you go to http://www.comptia.org/certifications/testprep/examobjectives.aspx and fill in a few blanks, you can download the objectives for all of CompTIA’s exams, including Security+. The PDF lists exactly what topics you are expected to know and tells you what percentage of the exam is devoted to each area. The objectives can be found in other places (including most study guides), but I would get them straight from the official source. Use this as your checklist of things you know and things you need to study a little more (and things you need to study a lot more!). As you go down the objectives list, put a check by the topics that you feel you could explain to someone else. If you hit a topic that you don’t feel comfortable with, use the index or table of contents in your book and go read that part. If you don’t have a book, use Google or Wikipedia to learn about the topic. I have found Wikipedia to be especially helpful for CompTIA exams. Study the topic until you can check it off on your objectives list.

Use practice tests

Another method for finding the topics you need to work on more is to take some practice tests.  Don’t read pages and pages of material to discover what you know and don’t know.  You can spend an hour taking a practice exam and then only study the stuff you struggle with.  It’s a great way to weed out many hours of studying.  The question is…

Where do I get practice questions?

There are two major ways to get practice questions: Pay or Free.  Why would I pay if I could get it for free?  There are good reasons.  First of all, you might pay for practice questions for the same reason you paid for a book.  All of the core information in the book is available for free online.  The book is nice because the information is all there and organized for you, you don’t have to hunt things down.  You can also usually trust something you paid for more than something you found on some blog of unknown origin.  The same rules apply to practice questions.  The ones that come in a book or from a reputable company are usually going to be trustworthy.  If you find some for free on the internet somewhere, you will have to distrust it a little bit.  That just means you will have to study a little bit if you don’t agree with the answer.  I think that’s a good thing.   If you can prove that the person who posted the question online is wrong and you are right, it gives you a lot of confidence in putting one more check mark on your objectives list.

How do I get free CompTIA Security+ questions?

Again, I will recommend Google. Do a search for something like “free security plus practice exam”. After that, mix it up and try using “test” or “questions” instead of “exam”. Add “CompTIA” to your search. Try spelling out “plus” and using the plus symbol, or just leave it out altogether. You will usually be able to find something. WAIT… before you do that, I recommend ProProfs.com. They have a quiz school where anyone can create a practice test. You could go there and create a test on any topic you choose. Many people have already created Security+ quizzes. Just remember these people are not paid to make sure that the questions are accurate, so you can’t totally trust them. That’s OK. It just forces you to study a little more on some of the questions. Here is what currently shows up in the quiz school when you do a search for security

One more tip on finding practice questions

When you find some practice questions you like, try copying and pasting part of the question into a Google search. This is a great way to find another source of questions on the same material. It can also help you do some research on questions you disagree with.

Final note

These techniques have helped me pass many tests. I hope you find them useful. I will reveal some of the secrets that I use for actually taking the exam to those who register. These secrets have helped me pass over 20 certification exams. They are tried and true. Just fill in your name and a valid e-mail address over there in the upper right area of LearnSwell.com and then check your e-mail. Your odds of passing your exam will go way up! I guess that would be the next step after studying, right? See you soon.