*TechNotes* Security+
These notes will eventually, some day, be combined in a single PDF file. Please let me know if you have any comments or suggestions so I can add/change it before it ends up in the PDF guide.
Click here for Security+ exam information, our practice tests, TechNotes, links, and recommended books.
Access Control *updated*
Access control, access control models, MAC, DAC, and RBAC.
Authentication
Username/password, CHAP, certificates, Kerberos, mutual authentication, biometrics, tokens, and smartcards.
Attackers
Covers the different types of attackers, their level of skills and resources, and their motivation.
DoS Attacks
Covers the concept of Denial of Service attacks and Distributed Denial of Service attacks, including a technical overview of the most common types of DoS attacks such as TCP SYN, UDP flooding and Smurfing.
Spoofing
Covers spoofing attacks such as IP spoofing, ARP spoofing, and spoofing websites.
Attacks *new*
Covers password, replay, back doors, Man-in-the-Middle, TCP Hijacking, mathematical, birthday, weak keys, and software exploitation attacks.
Social Engineering Attacks
Covers the human aspect of security.
Malicious Code
Covers viruses, Trojan Horses, back door attacks, worms and logic bombs.
Email Security
Covers S/MIME, message encryption and digital signatures, PGP, SPAM, relaying and reverse lookups.
Internet Security *new*
Covers Internet security, Intranet, Extranet, SSL, HTTPS, S-HTTP, TLS, SFTP, Blind/anonymous FTP, ActiveX, CGI, JavaScript, Java, signed applets, cookies, buffer overflows, and instant messaging.
Network and Storage Media *new*
Covers security concerns of coaxial, UTP, STP, and fiber optic cabling, and removable media such as diskettes, CDs, hard drives, flashcards, tapes, and smartcards.
Wireless Network Security
Covers 802.11x, WEP, WAP, WTLS, site surveys, vulnerabilities and various related wireless security technologies.
Intrusion Detection Systems
Covers intrusion detection systems concepts and characteristics: passive vs active response, host vs network-based, signature vs behavior-based, limitations and drawbacks, and honey pots.
Physical Security
Covers physical security aspects such as physical barriers, access controls, environmental security, shielding, and fire suppression.
Risk Identification
Covers asset identification, vulnerability assessment, threat identification, and risk identification.
Forensics *new*
Covers computer forensics, identification and collection of evidence, preservation of evidence, and chain of custody.
Happy reading!
Johan
Comments
-
Webmaster Admin Posts: 10,292
I just found this great site which explains several biometric systems to the full extent:
www.ibgweb.com/reports/public/technology_reports.html
I think what I've written in the piece above should be enough for the Security+ exam, but it can't hurt to check out some of the details. -
Webmaster Admin Posts: 10,292
I just added new TechNotes for the Security+ exam covering the exam objective(s):
1.2 Recognize and be able to differentiate and explain the following types of authentication:
- Kerberos
- CHAP (Challenge Handshake Authentication Protocol)
- Certificates
- Username / Password
- Tokens
- Multi-factor
- Mutual
- Biometrics
www.techexams.net/technotes/securityplus/authentication.shtml
I hope you enjoy reading it as much as I did writing it. -
johnster Member Posts: 1
Good day,
You referred to RBAC in your Access Control Technote as being "Rule Based" for CompTIA's objectives. However, although Rule Based Authentication does exist and is prevalent, your statement was incorrect. I copy and paste from CompTIA's website (http://www.comptia.org/certification/security/security_objectives-domain1.asp):
"
1.1 Recognize and be able to differentiate and explain the following access control models
MAC (Mandatory Access Control)
DAC (Discretionary Access Control)
RBAC (Role Based Access Control)
"
The only reason I'm mentioning this is because you happened to throw RBAC (Role) into MAC, which could really confuse the issue.
Comments? -
Webmaster Admin Posts: 10,292
I'm sorry for the late reply, I had to make sure I wasn't going nuts first.
I had done extensive research on the topic before writing those TechNotes, mainly because many study guides are rather vague when it comes to this subject, so I wanted to write something definite (enough for Security+ at least) and not confusing.
Of course I wouldn't have made the comment "Although in most related documentation the abbreviation RBAC is used to refer to the Role-Based Access Control model, in the Security+ exam objectives CompTIA refers to it as the Rule-Based Access Control model, which is sometimes referred to as Rule-Based Role-Based Access Control (RB-RBAC)." if the exam objectives didn't actually say so. The list of exam objectives covered in the TechNotes at the bottom of the page is an exact copy-and-paste from the PDF... BUT, when I wrote it (July last year) the objectives were still in beta and it did actually say Rule based, in this doc: www.comptia.org/certification/securityplus/beta_objectives.pdf (unfortunately not online anymore, and I checked my hard disks and my backups but don't have the file anymore.) I've asked a couple of other people to check if they may still have it. The current exam objectives PDF is from August last year.
Thanks for bringing this to my attention, I will remove the comment about the exam objective. -
Webmaster Admin Posts: 10,292
I just uploaded new TechNotes for the Security+ exam:
Wireless Network Security
It covers 802.11x, WEP, WAP, WTLS, vulnerabilities and various related wireless security technologies.
The following footnotes are also listed at the bottom of the page:
- Throughout this document I assumed 802.11 based networks are running in infrastructure mode.
- Most of the details in this document are beyond the scope of the Security+ exam. For the exam you will need to focus on the general concept, when to use what, and basic operation.
- As security is one of the most evolving parts of wireless networking, some of the details in this document may become outdated.
- The first revision of the Security+ exam (SY0-101) contains information current as of late 2002. Many of the newer developments in wireless technology described in this TechNote will appear in the next revision of the Security+ exam.
Special thanks to jdmurray for his excellent proofreading and input. -
Webmaster Admin Posts: 10,292
Here's another TechNote for the Security+ exam covering a human aspect of security: social engineering
www.techexams.net/technotes/securityplus/socialengineering.shtml
I hope you like it, it is pretty much my first non-technical piece. -
Webmaster Admin Posts: 10,292
I'm currently working on TechNotes that cover the attacks listed in the Security+ objectives below, and more. I planned on writing a single article about everything in objective 1.4, but it's getting kind of long already so I decided to write a separate one for each type of attack. But first, here's one that covers the types of attackers:
www.techexams.net/technotes/securityplus/attacks-attackers.shtml
Next in line is DoS/DDoS attacks.
1.4 Recognize the following attacks and specify the appropriate actions to take to mitigate vulnerability and risk.
- DOS / DDOS (Denial of Service / Distributed Denial of Service)
- Back Door
- Spoofing
- Man in the Middle
- Replay
- TCP/IP Hijacking
- Weak Keys
- Mathematical
- Social Engineering
- Birthday
- Password Guessing
-- Brute Force
-- Dictionary
- Software Exploitation -
Webmaster Admin Posts: 10,292
Here is the next one:
www.techexams.net/technotes/securityplus/attacks-DDOS.shtml
It covers the concept of Denial of Service attacks and Distributed Denial of Service attacks, including a technical overview of the most common types of DoS attacks such as TCP SYN, UDP flooding, Smurfing and a couple of others.
Next on the list is Back Door Attacks...
Johan -
prince_steval Member Posts: 3
Hello Johan
Thanks for posting the shortened form/summary documents of the exam objectives and the advice. It does help in the motivation and confidence stakes.
I am writing the exam next week hopefully, when I have fully prepared.
I'm just waiting for the practice exams, in order to get a feel for what type of questions get asked. I am currently working through the Sybex book and other books with regard to security, that will help me with the exam.
So, I will have to work very hard still to be prepared and confident. I have to work through chapters 9 and 10 still. Then it is revise, revise and practise and more practise!!! -
Webmaster Admin Posts: 10,292
Hello Ashley,
You're welcome.
Although I covered only a couple of exam objectives yet, they are hardly 'shortened form/summary'. If you compare them to the information in the Sybex book, my TechNotes are more detailed and even longer.
I used the Sybex book as my primary source for preparing for this exam as well. Apart from some minor technical errors, many useless diagrams, and the overwhelming amount of fluff, it does cover a fair amount of the Sec+ exam objectives. Nevertheless, it needs to be supplemented with other material in order to be sufficient for the exam.
prince_steval wrote: I'm just waiting for the practice exams, in order to get a feel for what type of questions get asked.
www.techexams.net/co_securityplus.shtml
Good luck with the exam next week and let us know the results.
Johan -
prince_steval Member Posts: 3
Hello Johan
You are correct in talking about the fluff and they also repeat themselves a lot in the sections and descriptions that they give.
What I meant to say was that your notes are concise and to the point - only the stuff you need to know - no fluff or waffle.
I only have chapter 10 to go and then it's revise and test. It took me about a month and a half to sum up the book. I have to write things down to take it in, I know it's a lot of writing but it works for me to remember what I have studied and in this way I get rid of all the fluff in the book.
I also have a copy of the Que Exam Cram 2 study notes, which will definitely help my cause.
But thanks and I will keep you posted on the result. -
Webmaster Admin Posts: 10,292
Here's the next one covering the 1.5 Malicious code exam objectives (viruses, Trojan Horses, worms and logic bombs) and the Back Doors exam objective from 1.4:
Malicious Code
Perhaps not as detailed as usual but I think it is sufficient for the Security+ exam. -
Webmaster Admin Posts: 10,292
I've added a rating option to all my Security+ TechNotes that allows readers to rate my security related notes at www.securitydocs.com
Please do submit a rating when you read them, even if you think they totally suck -
jpkennedy79 Member Posts: 28
Just found this great site, and I love it thus far. Great information!
-
Webmaster Admin Posts: 10,292
Thanks for the comments so far people...
I just finished new TechNotes for the Security+ exam:
Email Security
www.techexams.net/technotes/securityplus/emailsecurity.shtml
It covers S/MIME, message encryption and digital signatures, PGP, SPAM, relaying and reverse lookups. In other words, the following exam objectives:
DOMAIN 2.0: Communication Security
2.2 Recognize and understand the administration of the following email security concepts
- S/MIME (Secure Multipurpose Internet Mail Extensions)
- PGP (Pretty Good Privacy) like technologies
- Vulnerabilities
- SPAM
2.3 Recognize and understand the administration of the following Internet security concepts
- Vulnerabilities
-- SMTP (Simple Mail Transfer Protocol) Relay
DOMAIN 3.0: Infrastructure Security
3.5 Understand the following concepts of Security Baselines, be able to explain what a Security Baseline is, and understand the implementation and configuration of each kind of intrusion detection system
- Application hardening
-- E-mail Servers
Next in line is Basics of Cryptography, although I might decide to finish another topic first. -
walid97 Member Posts: 79
Thanks a lot Johan, these are valuable notes!
I was wondering, can I pass Security+ with these notes? (and read the objectives that are not covered from another source)
Thanks a lot. -
Webmaster Admin Posts: 10,292
Thanks. I wouldn't recommend using them as your only source for a topic (apart from the fact I haven't covered all the exam objectives yet), but rather as an addition to a text book, CBT or classroom course. It's always good to read about the same subject from different authors, as one may make more sense than others, plus I like to clear up where others conflict (researching and fact-checking takes at least as much time as writing them). But, I covered perhaps 30% of the objectives so far, and again, I don't recommend using any source as your only source.
However, so far, and for other exams as well, I've proven to have a pretty good idea of how to interpret CompTIA's exam objectives, and I honestly think that 'in most cases' the information in the TechNotes is sufficient to answer 90% of the questions about the corresponding topic. But it also depends a lot on how much you know already. I.e. someone with MCSE:Security or a fair amount of real world experience would be able to pass the exam just by reading my TechNotes, especially with a Special Edition (just like for the Network+ exam). Anyway, time will tell.
Feel free to leave your feedback in this post after you passed the exam. -
Webmaster Admin Posts: 10,292
I finished some new TechNotes for the Security+ exam:
Intrusion Detection Systems
It covers intrusion detection systems concepts and characteristics. Passive vs active response, host vs network-based, signature vs behavior-based, limitations and drawbacks, and honey pots.
I'm not going to give an ETA for the next one but it will be a lot less than 3 months... -
jre50 Member Posts: 1
Webmaster wrote: I finished some new TechNotes for the Security+ exam:
Intrusion Detection Systems
It covers intrusion detection systems concepts and characteristics. Passive vs active response, host vs network-based, signature vs behavior-based, limitations and drawbacks, and honey pots.
I'm not going to give an ETA for the next one but it will be a lot less than 3 months... -
RussS Member Posts: 2,068
Most excellent Johan
www.supercross.com
FIM website of the year 2007 -
Webmaster Admin Posts: 10,292
I just uploaded an updated version of the Access Control Models TechNotes, now named Access Control. It's a rewritten and extended version, mainly to improve readability and hopefully make this topic a bit easier to grasp.
www.techexams.net/technotes/securityplus/mac_dac_rbac.shtml
I'll post a new one in a couple of minutes... -
RussS Member Posts: 2,068
Dang Johan - you are writing those faster than I have time to read them. Take a long holiday my friend
www.supercross.com
FIM website of the year 2007 -
Webmaster Admin Posts: 10,292
Holiday... you're right, I should, and I 'will' go this year. I've got all the remaining Security+ TechNotes in draft, so you can expect lots more this month, including updates of some other by now older Sec+ notes. This is mainly why I haven't added much material to the site lately. Because of the overlap and weird order of CompTIA's objectives for this exam I found it's more efficient to write them all in draft to get a better overview of what should be in the individual online notes. It may look fast but it's actually a very slow process of writing, researching, editing and rewriting.
This next one was originally supposed to become a paragraph in the 'Attacks TechNotes', but ended up large enough to be a separate article:
Spoofing
Covers spoofing attacks such as IP spoofing, ARP spoofing, and spoofing websites.
I hope you like it!
Thanks,
Johan -
Webmaster Admin Posts: 10,292
The following article is a combination of two different sections in the Security+ TechNotes PDF: the first half is an updated version of the Username/Password paragraph in the Authentication TechNotes, the second half is from the Attacks chapter. I've combined them for an article in the CertTimes this month. Since the text is not available in the current list of online TechNotes yet, you can use the following link to go directly to the article:
www.techexams.net/technotes/securityplus/passwords.shtml
It covers these exam objectives:
DOMAIN 1.0: General Security Concepts
1.2 Recognize and be able to differentiate and explain the following methods of authentication
- Username / Password
1.4 Recognize the following attacks and specify the appropriate actions to take to mitigate vulnerability and risk
- Password Guessing
- - Brute Force
- - Dictionary -
Webmaster Admin Posts: 10,292
The following is another section from the Attacks TechNotes/chapter. I'll remove this post once I've finished the entire Attacks chapter and put that one online instead.
[Edit: added to Attack TechNotes] -
qsub Member Posts: 303
Awesome, I'll be sure to check out the technotes before I do the exam.
I got the second CD of the CBT nuggets to watch then study a 700 page book.
Will be doing it at the end of July.
World Cup 2006 - Zidane - Never Forget. -
Webmaster Admin Posts: 10,292
Following is another section from the Attack TechNotes/chapter:
********************************************************
[Edit: added to Attack TechNotes] -
Webmaster Admin Posts: 10,292
This is a paragraph in the Attacks chapter covering the Back door item from the following exam objective. Some info was already covered in the Trojan Horses section of the Malicious Code TechNotes.
1.4 Recognize the following attacks and specify the appropriate actions to take to mitigate vulnerability and risk
• Back Door
*********************************************************
[Edit: added to Attack TechNotes]
*********************************************************
I'm almost done with the Attacks TechNotes, which in addition to the ones posted in this topic will also include Mathematical, Birthday, Man in the Middle, TCP Hijacking, and Replay attacks, as listed in the exam objectives.