
Security+ Certification

Cram Guide & Study Notes

Topic 1: General Security Concepts
Topic 2: Communication Security
Topic 3: Infrastructure Security
Topic 4: Basics of Cryptography
Topic 5: Organizational Security
Topic 6: Tables & Charts

Topic 1: General Security Concepts

Your ability to understand the CIA triangle (Confidentiality, Integrity, and Accessibility, the last
of which is usually called Availability) will help you with many exam questions that relate to the
triangle only indirectly. Remember that confidentiality refers to the idea that information should
remain accessible only to those who are meant to access it; integrity is the concept that information
should remain in the form originally intended (i.e. not maliciously changed); accessibility refers to
the idea that information should be reachable when needed (think Denial of Service).

Remember that access control refers to the ability to protect the confidentiality of information
by controlling a user's access to that information. Remember the three types of
authentication factors:

Type 1: What you know: Information, like passwords

Type 2: What you have: Items, like lock-and-key or cards

Type 3: What you are (Most secure): Biometrics, like fingerprints

Accountability refers to the idea that a user should be accountable for actions performed under
his/her name. Non-repudiation is the idea that a user should not be able to deny that
he/she is responsible for something (for example, a file may claim to have been edited by John,
but how do we know John actually edited it?).

Make sure you understand Kerberos. Here is a condensed sequence of events: the client sends
login information to the KDC (Key Distribution Center), which verifies the client's credentials and
sends a request to the TGS (Ticket Granting Server). The TGS sends a TGT (Ticket Granting
Ticket) to the client.

SSO stands for Single Sign-On, the idea that you can sign on to many services through a
single username and password system rather than having one per service.

Make sure you understand and can recognize each of these attacks, as you will be tested on at
least two of these on the exam:

SYN Flood: Sending TCP packets to deny accessibility

ICMP Flood: Sending ICMP (usually ping) packets to deny accessibility

UDP Flood: Sending UDP packets to deny accessibility

Smurf: A special ICMP Flood attack that broadcasts ICMP requests

Buffer Overflow: Sending a malformed packet that overflows a memory address to deny
accessibility and possibly gain privileges (destroy confidentiality/integrity)

Backdoor: Gain access through a secret program (Trojan horse)

Sniffing: Read information off the network

Spoofing: Hiding or disguising an address to make it appear that the requests come from
another source

Man-in-the-Middle: Intercepting packets and changing the contents (denies confidentiality
and integrity)

Replay: Session key sniffed and then used

Birthday attack: Probability-based

Social engineering: Low-tech attack on people who don't understand security

Virus: Propagates through user action (usually email)

Worm: Self-propagating and uses exploits
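Two of the flooding attacks in the list above have a recognizable shape in flow data: a SYN flood leaves many half-open connections (SYNs that are never followed by the client's ACK), and a Smurf attack sends ICMP echo requests to a broadcast address. The detection heuristics below are an added example, not part of these notes; the flow records are constructed, and the thresholds are arbitrary starting points to tune on real traffic.

```python
from collections import Counter, defaultdict

# Constructed flow records: (src, dst, proto, flags, ts_seconds).
# proto is "tcp" or "icmp"; flags is "S" (SYN), "A" (bare ACK, i.e. handshake
# completion) or "echo-request" for ICMP. Not captured traffic.
def sample_flows():
    flows = []
    for i in range(150):   # 150 SYNs in ~4.5 s from spoofed sources, only 3 ever ACK
        flows.append((f"198.51.100.{i % 250}", "10.0.0.5", "tcp", "S", i * 0.03))
    for i in range(3):
        flows.append((f"198.51.100.{i}", "10.0.0.5", "tcp", "A", 1 + i))
    for i in range(10):    # ordinary traffic: every SYN is followed by an ACK
        flows.append((f"192.0.2.{i}", "10.0.0.9", "tcp", "S", i * 5))
        flows.append((f"192.0.2.{i}", "10.0.0.9", "tcp", "A", i * 5 + 0.1))
    for i in range(20):    # echo requests aimed at a directed-broadcast address
        flows.append(("203.0.113.7", "192.168.1.255", "icmp", "echo-request", i * 0.5))
    return flows

def syn_flood_suspects(flows, window=10, min_syn=100, max_completion=0.2):
    """Flag destinations that receive at least `min_syn` SYNs inside any `window`-second
    span while only a small fraction of handshakes complete (few ACKs per SYN)."""
    syns = defaultdict(list)
    acks = Counter()
    for src, dst, proto, flags, ts in flows:
        if proto != "tcp":
            continue
        if flags == "S":
            syns[dst].append(ts)
        elif flags == "A":
            acks[dst] += 1
    suspects = {}
    for dst, times in syns.items():
        times.sort()
        best, j = 0, 0                      # sliding window over sorted SYN timestamps
        for i, t in enumerate(times):
            while times[j] < t - window:
                j += 1
            best = max(best, i - j + 1)
        completion = acks[dst] / len(times)
        if best >= min_syn and completion <= max_completion:
            suspects[dst] = {"peak_syns": best, "completion_ratio": round(completion, 2)}
    return suspects

def smurf_suspects(flows, broadcast_suffix=".255"):
    """Count ICMP echo requests whose destination is a broadcast address; legitimate
    hosts have no reason to ping a network's broadcast address repeatedly."""
    hits = Counter()
    for src, dst, proto, flags, ts in flows:
        if proto == "icmp" and flags == "echo-request" and dst.endswith(broadcast_suffix):
            hits[(src, dst)] += 1
    return dict(hits)
```

On real data the ACK count should be matched per connection tuple rather than per destination, and the broadcast check should use the actual subnet masks rather than a ".255" suffix.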

Topic 2: Communication Security

Remote Access Technologies include PPP (widely used for dial-up TCP/IP access), PPTP
(tunneled PPP), RADIUS (UDP-based), and TACACS+ (similar to RADIUS, but TCP-based and Cisco
proprietary).

VPN stands for Virtual Private Networking and allows for tunneled remote access

L2TP operates at the Data-Link layer; IPSec operates at the Network layer and has two
protocols: AH and ESP

Telnet allows remote terminal access over clear text. SSH allows this access over an encrypted
connection

S/MIME, MOSS, PEM, and PGP are all email security programs. PGP is popular and uses IDEA

Applets are programs that run in a browser: Some include C#, VB.Net, Java, and ActiveX

S-HTTP is connectionless while SSL is connection-oriented; SSL 3.0 is known as TLS

Cookies simply store information for websites to use (they are not inherently malicious)

S-FTP is FTP over SSL (Transport Layer); TFTP offers no authentication or encryption

Active Directory is Microsoft's implementation of LDAP

DNS maps IP addresses to DNS names

Disk spanning allows a file system to be spread over multiple physical drives

WTLS is WAP's built-in security system and is based on TLS

802.11 is the standard for wireless, and includes sub-standards a, b, g, and n

SSID is the name of a wireless network operating in infrastructure mode

WEP is a weak security system for wireless LANs; WEP operates on Layers 1 and 2 (Physical
and Data link)

802.1x is a key management protocol that uses EAP

Topic 3: Infrastructure Security

Make sure you know some basic networking concepts and hardware:

Routers connect dissimilar networks

Hubs forward packets without regard to MAC address. Switches forward packets based on
MAC address. Switches are less susceptible to sniffing

Firewalls control traffic between a trusted and un-trusted network

Cladding is the glass insulator in fiber optic cabling

STP cabling is said to be shielded against EMI, or electromagnetic interference

Also, for the Security+ exam, an understanding of the types of firewalls is essential:

Packet filtering: Works by examining headers

Circuit-level gateway: Maintains state information (connection-based)

Application-level gateway: Examines each packet coming in for content

Proxy server: Special application-level gateway that ensures no direct connection between
an un-trusted and trusted network

ACL is the list that defines the rules that a packet filtering firewall follows

The exam tests heavily on the security zone designs or topologies:

Screening router: One router between the trusted and un-trusted

Dual-homed gateway: A bastion host and router between trusted and un-trusted

Screened host gateway: A bastion host that can examine traffic between trusted and untrusted

Screened-subnet: A bastion host (and DMZ zone) between two routers

It's important to understand the distinctions between types of IDS:

Active: Finds and attempts to circumvent threats (more susceptible to attacks)

Passive: Finds threats and alerts administrator

Network-based: Operates as independent network node

Host-based: Requires that special software be installed on each node

Knowledge-based: Works using signatures and known attacks

Behavior-based: Works by analyzing baseline v. real-time network traffic

Relaying refers to the behavior of SMTP servers that will send a message from any source
(should be disabled)

Patches are fixes issued by vendors for security issues

Anonymous services allow access without authentication

Topic 4: Basics of Cryptography

The work factor of an algorithm refers to the amount of resources and time it takes for the
algorithm to operate

Encryption is the process of converting clear text into cipher text

Decryption is the process of converting cipher text into clear text

A key is the value that can encrypt or decrypt text

Cipher text is encrypted text. Clear text is plain or un-encrypted text

Public-key or asymmetric algorithms are more scalable and easier to manage than symmetric or
secret key algorithms, but they require more overhead and are slower

End-to-End encryption refers to the idea that packets are encrypted at the source and decrypted
at the destination

AES is a symmetric algorithm based on Rijndael Block Cipher

Block ciphers encrypt clear text block-by-block while stream ciphers encrypt text in real time

Symmetric algorithms include: DES, 3DES, AES, IDEA

Asymmetric algorithms include: Diffie-Hellman, RSA, El Gamal

Hashes do not allow for the decryption of cipher text. Think of a hash as a special type of
cryptographic "one-way", one-to-one function

Here is a brief overview of how asymmetric or public-key cryptography works:

Bill wants to send Sue information. Bill encrypts the information with Sue's public key,
which everyone knows

Sue receives the information Bill sent and decrypts it with her private key, which only Sue
knows

Sue sends Bill information back, encrypting it with his public key

Bill decrypts the information using his private key
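The four steps above, carried out with textbook RSA, as an added example that is not part of these notes. The key sizes (Mersenne primes of 31 to 107 bits) are a constructed toy, far too small for real use, and the message is encrypted as a bare integer with no padding, which is why real systems add OAEP; the point is only to show that each message can be opened by exactly one private key.

```python
from math import gcd

def make_keypair(p, q, e=65537):
    """Toy RSA key generation from two primes: returns (public_key, private_key)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime with phi(n)")
    d = pow(e, -1, phi)            # private exponent: e * d == 1 (mod phi)
    return (n, e), (n, d)

def encrypt(public_key, message: bytes) -> int:
    """Anyone holding the public key can do this step."""
    n, e = public_key
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too large for this modulus")
    return pow(m, e, n)

def decrypt(private_key, ciphertext: int) -> bytes:
    """Only the holder of the matching private key recovers the plaintext."""
    n, d = private_key
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def exchange():
    """Bill -> Sue under Sue's public key, Sue -> Bill under Bill's public key."""
    sue_pub, sue_priv = make_keypair(2**31 - 1, 2**61 - 1)      # constructed toy primes
    bill_pub, bill_priv = make_keypair(2**89 - 1, 2**107 - 1)   # constructed toy primes
    c1 = encrypt(sue_pub, b"hi Sue")       # step 1: Bill encrypts with Sue's public key
    m1 = decrypt(sue_priv, c1)             # step 2: Sue decrypts with her private key
    c2 = encrypt(bill_pub, b"hi Bill")     # step 3: Sue replies under Bill's public key
    m2 = decrypt(bill_priv, c2)            # step 4: Bill decrypts with his private key
    wrong = decrypt(bill_priv, c1)         # Bill's private key cannot open mail for Sue
    return m1, m2, wrong
```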

Topic 5: Organizational Security

Use common sense! We won't go over all of the silly details regarding how CompTIA feels
about the use of attack dogs to monitor physical security. However, we will note some important
ideas about protection from fire:

Fire requires fuel, heat, and oxygen to burn

The products of combustion are water, carbon dioxide, and heat

Different classes of fires require different suppressants

Business Continuity Planning refers to continuing normal day-to-day operations after a disaster

Disaster Recovery Planning refers to fixing the problems a disaster causes

PVC piping releases toxic chemicals when burned

A power spike is a rush of power

A UPS (Uninterruptible Power Supply) is a battery that stores power for temporary use in the
case of a power outage. The point of the UPS is to prevent system failure and provide continuity

Electrical noise refers to electrical interference from other electronic devices on the action of an
electronic device

Clustering data systems increases reliability

Fault tolerance refers to the ability of a system to withstand multiple points of failure

Backup types that you should know for the exam:

Full: The information is backed up in entirety

Differential: Only the data changed since the last full backup is backed up

Incremental: Only the data changed since the last full or differential backup is backed up
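The three backup types differ in what each nightly run copies and in how many backup sets a restore needs. The simulation below is an added example, not from these notes: it uses a constructed week of file changes, treats a differential as "everything since the last full" and an incremental as "everything since the previous backup run of any kind" (the standard interpretation), and shows the restore chain each strategy requires.

```python
from datetime import datetime

# Constructed sample: file -> last-modified time. Sunday night is the full backup;
# Monday to Wednesday nights run either differential or incremental backups.
FILES = {
    "payroll.xlsx": datetime(2024, 1, 1, 9, 0),   # unchanged all week
    "notes.txt":    datetime(2024, 1, 8, 10, 0),  # changed Monday
    "config.yaml":  datetime(2024, 1, 9, 11, 0),  # changed Tuesday
    "report.docx":  datetime(2024, 1, 10, 8, 0),  # changed Wednesday
}
FULL_BACKUP = datetime(2024, 1, 7, 22, 0)
NIGHTLY = [datetime(2024, 1, 8, 22, 0),
           datetime(2024, 1, 9, 22, 0),
           datetime(2024, 1, 10, 22, 0)]

def changed_between(files, start, end):
    """Files modified after `start` and at or before `end`."""
    return sorted(f for f, mtime in files.items() if start < mtime <= end)

def plan(files, full_at, nightly, mode):
    """Return {backup_time: [files copied]} for each nightly run.
    differential: changes since the last full; incremental: since the previous run."""
    out = {}
    previous = full_at
    for t in nightly:
        start = full_at if mode == "differential" else previous
        out[t] = changed_between(files, start, t)
        previous = t
    return out

def restore_chain(full_at, nightly, mode, restore_to):
    """Backup sets needed, in order, to rebuild the state as of `restore_to`."""
    taken = [t for t in nightly if t <= restore_to]
    if mode == "differential":
        return [full_at] + taken[-1:]   # full plus only the latest differential
    return [full_at] + taken            # full plus every incremental, in order
```

Differential runs grow each night but restore from two sets; incremental runs stay small but every set in the chain must be present and intact to restore.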

The greatest amount of time that a system can withstand being un-operational is called the
MTD or maximum tolerable downtime

Risk analysis is the practice of assessing which threats are relevant and pressing

Information should always be given on a "Need-to-know" basis, meaning that a user should only
know what he or she absolutely needs to know

Separation of Duties refers to the idea that multiple individuals should be responsible for the
operation of a system

Topic 6: Tables & Charts

Cryptographic Algorithms and Protocols

Name            Type           Algorithm               Size                                        Strength     Replaced By
DES             Symmetric      Block cipher            64 bit (56 + 8 parity)                      Very weak    3DES
3DES            Symmetric      Block cipher            192 bit (168 bit + 24 parity)               Moderate     AES
AES             Symmetric      Rijndael Block cipher   Variable (128, 192, 256)                    Strong       N/A
RC5             Symmetric      RSA Block mode cipher   Variable (up to 2048)                       Very Strong  N/A
RSA             Asymmetric     Key transport           512                                         Strong       N/A
Diffie-Hellman  Asymmetric     Key exchange            N/A                                         Moderate     El Gamal
El Gamal        Asymmetric     Key exchange            N/A                                         Very Strong  N/A
MD5             Hash (Digest)  Rivest MD5 Block Hash   512 bit block processing / 128 bit digest   Strong       MD6, et al.
SHA-1           Hash           Rivest SHA Hash         512-bit processing / 160 bit digest         Very Strong  N/A
HMAC            Hash           Keyed Digest            Variable                                    Very Strong  N/A

Fire Suppression Technology

Fire Class  Fuel                          Suppression Tech
A           Common organic combustibles   Water
B           Fuels                         Carbon dioxide, soda acid, Halon
C           Electrical fires              Carbon dioxide, Halon
D           Chemical                      Halon, specialized agents

Remote Access Technologies

Name     Type  Features                        Protocol  Replaced By
PPP      RAS   PAP, CHAP, EAP                  TCP/IP    N/A
RADIUS   RAS   PAP, CHAP                       UDP       N/A
TACACS   RAS   PAP, CHAP                       UDP       TACACS+
TACACS+  RAS   Many                            TCP       N/A
PPTP     VPN   PPP tunneling, PAP, CHAP, EAP   Layer 2   L2F, L2TP
L2F      VPN   Cisco Based                     Layer 2   N/A
L2TP     VPN   Combines PPTP and Cisco         Layer 2   N/A
IPSec    VPN   Transport / Tunnel mode         Layer 3   N/A

Protocol/Service                         Port number
DHCP/BootP                               67/68
DNS                                      953/53
SSH                                      22
Telnet                                   23
SMTP                                     25
TACACS+                                  49
TFTP                                     69
Yahoo Messenger file transfers           80
Kerberos                                 88
POP3                                     110
NNTP                                     119
IMAP                                     143
SNMP                                     161, 162
LDAP                                     389
Windows Directory Services               445
ISAKMP                                   500
NetBIOS                                  139, 445
HTTP returned                            1024
Back Orifice                             1056
Oracle                                   1521, 22, 25, 29
L2TP                                     1701
PPTP                                     1723
Windows Messenger messages               1863
SQL Server                               1433, 1434
ICQ messages                             3570
SIP                                      5060
AOL file transfer                        5190
ICQ voice and video traffic              6701
Windows Messenger file transfers         6891
Windows Messenger voice and video        11324, 13325

[The original table also carried a TCP/UDP column; its cells did not survive extraction and are omitted.]

802.11
In 1997, the Institute of Electrical and Electronics Engineers (IEEE) created the first WLAN standard. They called it 802.11 after the name of
the group formed to oversee its development. Unfortunately, 802.11 only supported a maximum network bandwidth of 2 Mbps - too slow for
most applications. For this reason, ordinary 802.11 wireless products are no longer manufactured.

802.11b
IEEE expanded on the original 802.11 standard in July 1999, creating the 802.11b specification. 802.11b supports bandwidth up to 11 Mbps,
comparable to traditional Ethernet.

802.11b uses the same unregulated radio signaling frequency (2.4 GHz) as the original 802.11 standard. Vendors often prefer using these
frequencies to lower their production costs. Being unregulated, 802.11b gear can incur interference from microwave ovens, cordless phones,
and other appliances using the same 2.4 GHz range. However, by installing 802.11b gear a reasonable distance from other appliances,
interference can easily be avoided.

Pros of 802.11b - lowest cost; signal range is good and not easily obstructed
Cons of 802.11b - slowest maximum speed; home appliances may interfere on the unregulated frequency band

802.11a
While 802.11b was in development, IEEE created a second extension to the original 802.11 standard called 802.11a. Because 802.11b gained
in popularity much faster than did 802.11a, some folks believe that 802.11a was created after 802.11b. In fact, 802.11a was created at the
same time. Due to its higher cost, 802.11a is usually found on business networks whereas 802.11b better serves the home market.

802.11a supports bandwidth up to 54 Mbps and signals in a regulated frequency spectrum around 5 GHz. This higher frequency compared to
802.11b shortens the range of 802.11a networks. The higher frequency also means 802.11a signals have more difficulty penetrating walls
and other obstructions.

Because 802.11a and 802.11b utilize different frequencies, the two technologies are incompatible with each other. Some vendors offer hybrid
802.11a/b network gear, but these products merely implement the two standards side by side (each connected device must use one or the
other).

Pros of 802.11a - fast maximum speed; regulated frequencies prevent signal interference from other devices
Cons of 802.11a - highest cost; shorter range signal that is more easily obstructed

802.11g
In 2002 and 2003, WLAN products supporting a newer standard called 802.11g emerged on the market. 802.11g attempts to combine the
best of both 802.11a and 802.11b. 802.11g supports bandwidth up to 54 Mbps, and it uses the 2.4 GHz frequency for greater range. 802.11g
is backwards compatible with 802.11b, meaning that 802.11g access points will work with 802.11b wireless network adapters and vice versa.

Pros of 802.11g - fast maximum speed; signal range is good and not easily obstructed
Cons of 802.11g - costs more than 802.11b; appliances may interfere on the unregulated signal frequency

802.11n
The newest IEEE standard in the Wi-Fi category is 802.11n. It was designed to improve on 802.11g in the amount of bandwidth supported by
utilizing multiple wireless signals and antennas (called MIMO technology) instead of one.

When this standard is finalized, 802.11n connections should support data rates of over 100 Mbps. 802.11n also offers somewhat better range
than earlier Wi-Fi standards due to its increased signal intensity. 802.11n equipment will be backward compatible with 802.11g gear.

Pros of 802.11n - fastest maximum speed and best signal range; more resistant to signal interference from outside sources
Cons of 802.11n - standard is not yet finalized; costs more than 802.11g; the use of multiple signals may greatly interfere with nearby
802.11b/g based networks.

Security Types available for 802.11

Data Protection Technology / Description

WEP

Wired Equivalent Privacy, the original security standard for wireless LANs, easily exploited by software that can break the encryption after
capturing traffic and recognizing encryption patterns.

802.1X

802.1X is the IEEE standard for wired and wireless LAN access control. It provides a means of authenticating and authorizing devices attached
to a LAN. 802.1X defines the Extensible Authentication Protocol (EAP). EAP uses a central authentication server to authenticate each network
user. EAP also has some vulnerabilities.

LEAP

Lightweight Extensible Authentication Protocol (LEAP), developed by Cisco, is based on the 802.1X authentication framework but addresses
several weaknesses using dynamic WEP and sophisticated key management. LEAP also adds MAC address authentication.

PEAP

Protected Extensible Authentication Protocol (PEAP) provides secure transport of authentication data, including passwords and encryption
keys. With PEAP, wireless clients can be authenticated without certificates, simplifying the secure wireless LAN architecture.

WPA

Wi-Fi Protected Access (WPA) is a subset of the 802.11i security standard and is expected to replace WEP. WPA combines Temporal Key
Integrity Protocol (TKIP) and 802.1X for dynamic key encryption and mutual authentication.

TKIP

Temporal Key Integrity Protocol (TKIP) is part of the IEEE 802.11i encryption standard. TKIP provides per-packet key mixing, a message
integrity check, and a re-keying mechanism, fixing the flaws of WEP.

WPA2

WPA2 is second generation WPA, providing Wi-Fi users a high level of assurance that only authorized users can access their wireless
networks. WPA2 is based on the final IEEE 802.11i amendment to the 802.11 standard.

            IEEE Ratified  Frequency  Non-overlapping Channels  Baseline Bandwidth Per Channel  Number of Spatial Streams  Max Bandwidth Per Channel
802.11b     1999           2.4GHz                               11Mbps                                                     11Mbps
802.11g     2001           2.4GHz                               54Mbps                                                     54Mbps
802.11a     1999           5GHz       12                        54Mbps                                                     54Mbps
802.11n     2008           2.4GHz                               65Mbps                          2, 3* or 4*                130Mbps
            2008           5GHz       12                        65Mbps                          2, 3* or 4*                270Mbps

An IPv4 packet is made up of headers and data. The header has 13 fields.

Bit offset    Fields (bit positions within the 32-bit word)
0             Version (0-3), Header length (4-7), Differentiated Services (8-15), Total Length (16-31)
32            Identification (0-15), Flags (16-18), Fragment Offset (19-31)
64            Time to Live (0-7), Protocol (8-15), Header Checksum (16-31)
96            Source Address
128           Destination Address
160           Options
160 or 192+   Data
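The layout above is easiest to internalize by decoding real bytes. The parser below is an added example (not from these notes): it unpacks the header fields at the offsets in the table, checks the Header length and Version, and verifies the one's-complement Header Checksum, which is how a receiver (or an IDS) notices a corrupted or tampered header. The sample packet is constructed by the block's own builder rather than captured.

```python
import struct

def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum of the header's 16-bit words. Called on a header whose
    checksum field is zero it yields the checksum; called on a header that already
    carries a valid checksum it yields 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def parse_ipv4(packet: bytes) -> dict:
    """Decode the header fields at the bit offsets in the table above and verify the checksum."""
    if len(packet) < 20:
        raise ValueError("truncated: an IPv4 header is at least 20 bytes")
    (vihl, ds, total_len, ident, flags_frag, ttl, proto,
     csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    version, ihl = vihl >> 4, vihl & 0x0F    # bits 0-3 and 4-7 of the first byte
    if version != 4:
        raise ValueError("not an IPv4 packet")
    hdr_len = ihl * 4                        # Header length is counted in 32-bit words
    if hdr_len < 20 or hdr_len > len(packet):
        raise ValueError("bad header length")
    return {
        "version": version, "header_length": hdr_len, "differentiated_services": ds,
        "total_length": total_len, "identification": ident,
        "flags": flags_frag >> 13, "fragment_offset": flags_frag & 0x1FFF,
        "ttl": ttl, "protocol": proto, "header_checksum": csum,
        "src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
        "options": packet[20:hdr_len],
        "checksum_ok": ipv4_checksum(packet[:hdr_len]) == 0,
        "data": packet[hdr_len:],
    }

def build_ipv4(src, dst, payload, proto=6, ttl=64, ident=0x1234, flags=0b010):
    """Constructed packet builder for sample input (no options, real checksum)."""
    src_b = bytes(int(o) for o in src.split("."))
    dst_b = bytes(int(o) for o in dst.split("."))
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident,
                      flags << 13, ttl, proto, 0, src_b, dst_b)
    csum = ipv4_checksum(hdr)                # computed over the header with checksum = 0
    return hdr[:10] + struct.pack("!H", csum) + hdr[12:] + payload
```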

IPv6 packets are laid out slightly differently from IPv4.

Octet offset (hex)  Bit offset  Fields (bit positions within the 32-bit word)
0                   0           Version (0-3), Traffic Class (4-11), Flow Label (12-31)
4                   32          Payload Length (0-15), Next Header (16-23), Hop Limit (24-31)
8                   64          Source Address
C                   96          Source Address (continued)
10                  128         Source Address (continued)
14                  160         Source Address (continued)
18                  192         Destination Address
1C                  224         Destination Address (continued)
20                  256         Destination Address (continued)
24                  288         Destination Address (continued)
