|Like this CertiGuide? Get it in PDF format!|
Use coupon code "certiguide" to save 20%!
|Need more practice? 300 additional Security+ questions!|
|Get It Here!|
In this chapter, we looked at the
topics in the first domain of the Security+ exam, General Security Concepts.
You learned about the AAA of security
(Access control, authentication and auditing/accounting).
Within Access control, you explored
the characteristics of different types of access control such as:
- MAC, Mandatory Access Control,
a lattice-based approach using labels, related to the Bell-LaPadula
- DAC, Discretionary Access Control,
in which the owner of an object generally retains the right to distribute
it to others, so a Trojan horse sent to the document owner could potentially
be used to cause a document to be distributed.
- RBAC, Role-Based Access Control,
in which access permissions are based on user job roles such as Accountant,
Regional Sales Director, etc.
Within Authentication, you learned
about the three types of authentication, based on:
- Something you are (biometrics)
- Something you have (such as a smart card)
- Something you know (such as a password)
You discovered key points about several
authentication technologies, such as:
- Kerberos, which uses tickets as identity
tokens, employs temporary session keys and symmetric encryption, and
is careful not to send the password over the wire, but can be vulnerable
to attacks like replay and brute-force password guessing.
- CHAP, which uses a 3-way challenge/response
handshake, repeated at random times during a login session, and which
like Kerberos also does not send the password over the wire.
- Digital certificates (more about these
in Chapter 4 -- later!)
- Passwords, which should not be sent over
the network where they can be sniffed by users running network
monitoring software, and should not be dictionary words or other short,
- Tokens, hardware devices which can be
used, often with a PIN, for authentication; they often also employ digital
- Multi-factor authentication, which uses
a combination of 2 or more authentication techniques to reduce the probability
- Mutual authentication, in which both parties
to a conversation authenticate themselves to each other.
- Biometrics, involves something you are,
such as your fingerprint, or something you do, such as your typing style/rate.
You learned about different types
of Auditing (the process of monitoring a system or network, verifying
configuration and watching for security exposures), including configuration
and log analysis and system/network scanning (using programs like nmap).
You learned that it is best to disable
and filter access to non-essential services and protocols, because the
more unnecessary features available on a system, the more vulnerable
You discovered that would-be crackers
may use OS fingerprinting to learn about a server before they attack
it, and investigated the details of common types of cyber attacks
- DoS/DDoS, where the attacker floods a
network with traffic and causes a denial of service to a machine or
network, in the case of a Distributed DoS using multiple machines on
the network to do it, via techniques such as ping flooding, SYN flooding
and teardrop attacks; Trinoo is a common DDoS tool.
- Backdoors, which give the attacker a way
into the system without the usual security checks; NetBus and BackOrifice
are common backdoor programs.
- Spoofing, made possible due to the design
of IP, involves the attacker misleading everyone as to their location
and identity, by using a faked IP address in packets; in blind spoofing,
the user sends packets to the target system but does not have access
to that systems replies.
- Man-in-the-Middle, or MITM, often
used to take over a telnet session, in which the attacker
intercepts the packets in a conversation between two machines, altering
some on the fly.
- Replay, where the attacker captures the
packets involved in one side of a network conversation and replays them
later; can sometimes be used to spoof authentication/authorization.
- TCP/IP Hijacking, where the attacker takes
control of a TCP/IP conversation.
- Weak Keys, in which the attacker takes
advantage of the use of weak encryption keys used to secure a conversation
or data; generally 40-bit and 56-bit key lengths are not considered
- Mathematical attacks; the attacker takes
advantage of mathematical properties of an encryption technique to discover
the original key or break the technique without need for the original
- Social Engineering, where the attacker
uses interaction with people to learn about and compromise the network,
taking advantage of their desire to be helpful by providing names, passwords,
- Birthday attacks, based on the high probability
of duplicates within a small number of samples; attackers can take advantage
of this to find duplicate texts that have the same message digest
- Automated Password Guessing attacks like
Brute Force (the attacker tries every possible combination of
characters in an attempt to find a password) and Dictionary Attacks
(the attacker tries each word appearing in a dictionary, to see if it
matches the password).
- Software Exploitation, in which the attacker
takes advantage of bugs, or malfunctions, in software with
techniques like buffer overflow or SQL injection exploits.
You explored different types of malicious
code, which are programs written for a malicious purpose, such as:
- Viruses, programs that attach themselves
to a host file and often automatically replicate around the system;
can generally be detected by anti-virus programs.
- Trojan Horses, programs that masquerade
as one thing, but include extra, hidden, malicious functionality.
- Logic Bombs, programs whose malicious
functionality runs at some future date when a set time has elapsed,
when a user ID is no longer on the system, etc.
- Worms130, programs similar to viruses which can replicate
across a network.
You learned that social engineering
involves defeating established security measures by taking advantage
of the fact that people are often the weakest link in any security system.
It often uses no software tools at all and thus cannot be detected
automatically by traditional intrusion-detection technology.
130. http://www.cs.berkeley.edu/~nweaver/warhol.html (Article on Super Worms)
|If you find CertiGuide.com useful, please consider making a small Paypal donation to help the site, using one of the buttons below. You can also donate a custom amount using the far right button (not less than $1 please, or PayPal gets most/all of your money!) In lieu of a larger donation, you may wish to consider buying an inexpensive PDF equivalent of the CertiGuide to Security+ from StudyExam4Less.com. (Use coupon code "certiguide" by December 31, 2004 to save 20%!) Thanks for your support!|
Table Of Contents - Contact Us
CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004
Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.