*TechNotes* Security+

Webmaster Admin Posts: 10,292
These notes will eventually, some day, be combined in a single PDF file. Please let me know if you have any comments or suggestions so I can add/change it before it ends up in the PDF guide.


Access Control *updated*
Access control, access control models, MAC, DAC, and RBAC.

Authentication
Username/password, CHAP, certificates, Kerberos, mutual authentication, biometrics, tokens, and smartcards.

Attackers
Covers the different types of attackers, their level of skills and resources, and their motivation.

DoS Attacks
Covers the concept of Denial of Service attacks and Distributed Denial of Service attacks, including a technical overview of the most common types of DoS attacks such as TCP SYN, UDP flooding and Smurfing.

Spoofing
Covers spoofing attacks such as IP spoofing, ARP spoofing, and spoofing websites.

Attacks *new*
Covers password, replay, back door, Man-in-the-Middle, TCP hijacking, mathematical, birthday, weak key, and software exploitation attacks.

Social Engineering Attacks
Covers the human aspect of security.

Malicious Code
Covers viruses, Trojan Horses, back door attacks, worms and logic bombs.

Email Security
Covers S/MIME, message encryption and digital signatures, PGP, SPAM, relaying and reverse lookups.

Internet Security *new*
Covers Internet security, Intranet, Extranet, SSL, HTTPS, S-HTTP, TLS, SFTP, blind/anonymous FTP, ActiveX, CGI, JavaScript, Java, signed applets, cookies, buffer overflows, and instant messaging.

Network and Storage Media *new*
Covers security concerns of coaxial, UTP, STP, and fiber optic cabling, and removable media such as diskettes, CDs, hard drives, flashcards, tapes, and smartcards.

Wireless Network Security
Covers 802.11x, WEP, WAP, WTLS, site surveys, vulnerabilities and various related wireless security technologies.

Intrusion Detection Systems
Covers intrusion detection systems concepts and characteristics: passive vs active response, host vs network-based, signature vs behavior-based, limitations and drawbacks, and honey pots.

Physical Security
Covers physical security aspects such as physical barriers, access controls, environmental security, shielding, and fire suppression.

Risk Identification
Covers asset identification, vulnerability assessment, threat identification, and risk identification.

Forensics *new*
Covers computer forensics, identification and collection of evidence, preservation of evidence, and chain of custody.


Happy reading!
Johan :D

Comments

  • Webmaster Admin Posts: 10,292
    I just found this great site which explains several biometrics systems to the full extent:
    www.ibgweb.com/reports/public/technology_reports.html

    I think what I've written in the piece above should be enough for the Security+ exam, but it can't hurt to check out some of the details ;)
  • Webmaster Admin Posts: 10,292
    I just added new TechNotes for the Security+ exam covering the exam objective(s):

    1.2 Recognize and be able to differentiate and explain the following types of authentication:
    - Kerberos
    - CHAP (Challenge Handshake Authentication Protocol)
    - Certificates
    - Username / Password
    - Tokens
    - Multi-factor
    - Mutual
    - Biometrics

    www.techexams.net/technotes/securityplus/authentication.shtml

    I hope you enjoy reading it as much as I did writing it. :D
  • johnster Member Posts: 1
    Good day,

    You referred to RBAC in your Access Control Technote as being "Rule Based" for CompTIA's objectives. However, although Rule Based Authentication does exist and is prevalent, your statement was incorrect. I copy and paste from CompTIA's website (http://www.comptia.org/certification/security/security_objectives-domain1.asp):

    "
    1.1 Recognize and be able to differentiate and explain the following access control models

    MAC (Mandatory Access Control)
    DAC (Discretionary Access Control)
    RBAC (Role Based Access Control)
    "

    The only reason I'm mentioning this is because you happened to throw RBAC (Role) into MAC, which could really confuse the issue. ;)

    Comments?
  • Webmaster Admin Posts: 10,292
    I'm sorry for the late reply, I had to make sure I wasn't going nuts first.

    I had done extensive research on the topic before writing those TechNotes, mainly because many study guides are rather vague when it comes to this subject, so I wanted to write something definite (enough for Security+ at least) and not confusing ;).

    Of course I wouldn't have made the comment "Although in most related documentation the abbreviation RBAC is used to refer to the Role-Based Access Control model, in the Security+ exam objectives CompTIA refers to it as the Rule-Based Access Control model, which is sometimes referred to as Rule-Based Role-Based Access Control (RB-RBAC)." if the exam objectives didn't actually say so. The list of exam objectives covered in the TechNotes at the bottom of the page is an exact copy-and-paste from the PDF... BUT, when I wrote it (July last year) the objectives were still in beta and it did actually say Rule based, in this doc: www.comptia.org/certification/securityplus/beta_objectives.pdf (unfortunately not online anymore, and I checked my hard disks and my backups but don't have the file anymore). I've asked a couple of other people to check if they may still have it. The current exam objectives PDF is from August last year.

    Thanks for bringing this to my attention, I will remove the comment about the exam objective.
  • Webmaster Admin Posts: 10,292
    I just uploaded new TechNotes for the Security+ exam:

    Wireless Network Security
    It covers 802.11x, WEP, WAP, WTLS, vulnerabilities and various related wireless security technologies.
    The following footnotes are also listed at the bottom of the page:
    Footnotes:
    - Throughout this document I assumed 802.11 based networks are running in infrastructure mode.
    - Most of the details in this document are beyond the scope of the Security+ exam. For the exam you will need to focus on the general concept, when to use what, and basic operation.
    - As security is one of the most evolving parts of wireless networking, some of the details in this document may become outdated.
    - The first revision of the Security+ exam (SY0-101) contains information current as of late 2002. Many of the newer developments in wireless technology described in this TechNote will appear in the next revision of the Security+ exam.

    Special thanks to jdmurray for his excellent proofreading and input.
  • Webmaster Admin Posts: 10,292
    Here's another TechNote for the Security+ exam covering a human aspect of security: social engineering

    www.techexams.net/technotes/securityplus/socialengineering.shtml

    I hope you like it, it is pretty much my first non-technical piece. ;)
  • Webmaster Admin Posts: 10,292
    I'm currently working on TechNotes that cover the attacks listed in the Security+ objectives below, and more. I planned on writing a single article about everything in objective 1.4, but it's getting kind of long already, so I decided to write a separate one for each type of attack. But first, here's one that covers the types of attackers:

    www.techexams.net/technotes/securityplus/attacks-attackers.shtml

    Next in line is DoS/DDoS attacks.
    1.4 Recognize the following attacks and specify the appropriate actions to take to mitigate vulnerability and risk.
    - DOS / DDOS (Denial of Service / Distributed Denial of Service)
    - Back Door
    - Spoofing
    - Man in the Middle
    - Replay
    - TCP/IP Hijacking
    - Weak Keys
    - Mathematical
    - Social Engineering
    - Birthday
    - Password Guessing
    -- Brute Force
    -- Dictionary
    - Software Exploitation
  • Webmaster Admin Posts: 10,292
    Here is the next one:

    www.techexams.net/technotes/securityplus/attacks-DDOS.shtml

    It covers the concept of Denial of Service attacks and Distributed Denial of Service attacks, including a technical overview of the most common types of DoS attacks such as TCP SYN, UDP flooding, Smurfing and a couple of others.

    Next on the list is Back Door Attacks...


    Johan
  • prince_steval Member Posts: 3
    Hello Johan

    Thanks for posting the shortened form/summary documents of the exam objectives and the advice. It does help in the motivation and confidence stakes.

    I am writing the exam next week hopefully, when I have fully prepared.

    I'm just waiting for the practice exams, in order to get a feel for what type of questions get asked. I am currently working through the Sybex book and other books with regard to security, which will help me with the exam.

    So, I will have to work very hard still to be prepared and confident. I have to work through chapters 9 and 10 still. Then it is revise, revise and practice and more practice!!!
  • Webmaster Admin Posts: 10,292
    Hello Ashley,

    You're welcome :D

    Although I covered only a couple of exam objectives yet, they are hardly 'shortened form/summary'. If you compare them to the information in the Sybex book, my TechNotes are more detailed and even longer.

    I used the Sybex book as my primary source for preparing for this exam as well. Apart from some minor technical errors, many useless diagrams, and the overwhelming amount of fluff, it does cover a fair amount of the Sec+ exam objectives. Nevertheless, it needs to be supplemented with other material in order to be sufficient for the exam.
    prince_steval wrote:
    I'm just waiting for the practice exams, in order to get a feel for what type of questions get asked.
    What practice exams are you waiting for? Did you notice ours here:
    www.techexams.net/co_securityplus.shtml

    Good luck with the exam next week and let us know the results.

    Johan
  • prince_steval Member Posts: 3
    Hello Johan

    You are correct in talking about the fluff, and they also repeat themselves a lot in the sections and descriptions that they give.
    What I meant to say was that your notes are concise and to the point - only the stuff you need to know - no fluff or waffle.

    I only have chapter 10 to go and then it's revise and test. It took me about a month and a half to sum up the book. I have to write things down to take it in. I know it's a lot of writing, but it works for me to remember what I have studied, and in this way I get rid of all the fluff in the book. :)

    I also have a copy of the Que Exam Cram 2 study notes, which will definitely help my cause. :)

    But thanks, and I will keep you posted on the result.
  • Webmaster Admin Posts: 10,292
    Here's the next one, covering the 1.5 Malicious Code exam objectives (viruses, Trojan Horses, worms and logic bombs) and the Back Doors exam objective from 1.4:

    Malicious Code
    Perhaps not as detailed as usual, but I think it is sufficient for the Security+ exam.
  • Webmaster Admin Posts: 10,292
    I've added a rating option to all my Security+ TechNotes that allows readers to rate my security related notes at www.securitydocs.com

    Please do submit a rating when you read them, even if you think they totally suck ;)
  • jpkennedy79 Member Posts: 28
    Just found this great site, and I love it thus far. Great information!
  • Webmaster Admin Posts: 10,292
    Thanks for the comments so far people...

    I just finished new TechNotes for the Security+ exam:
    Email Security
    www.techexams.net/technotes/securityplus/emailsecurity.shtml

    It covers S/MIME, message encryption and digital signatures, PGP, SPAM, relaying and reverse lookups. In other words, the following exam objectives:
    DOMAIN 2.0: Communication Security

    2.2 Recognize and understand the administration of the following email security concepts
    - S/MIME (Secure Multipurpose Internet Mail Extensions)
    - PGP (Pretty Good Privacy) like technologies
    - Vulnerabilities
    - SPAM

    2.3 Recognize and understand the administration of the following Internet security concepts
    - Vulnerabilities
    -- SMTP (Simple Mail Transfer Protocol) Relay

    DOMAIN 3.0: Infrastructure Security

    3.5 Understand the following concepts of Security Baselines, be able to explain what a Security Baseline is, and understand the implementation and configuration of each kind of intrusion detection system
    - Application hardening
    -- E-mail Servers

    It's probably a bit more detailed than what you'll find in most Sec+ material, but I think that after reading this you should be able to answer (and understand ;)) all related questions on the exam. Note that the mentioned encryption algorithms, PKI, and certificates will be covered in more detail in other TechNotes.

    Next in line is Basics of Cryptography, although I might decide to finish another topic first. :D
  • walid97 Member Posts: 79
    Thanks a lot Johan, these are valuable notes!

    I was wondering, can I pass Security+ with these notes? (and read the objectives that are not covered from another source)

    Thanks a lot.
  • Webmaster Admin Posts: 10,292
    Thanks. I wouldn't recommend using them as your only source for a topic (apart from the fact I haven't covered all the exam objectives yet), but rather as an addition to a text book, CBT or classroom course. It's always good to read about the same subject from different authors, as one may make more sense than others, plus I like to clear up where others conflict (researching and fact-checking takes at least as much time as writing them). I've covered perhaps 30% of the objectives so far, though, and again, I don't recommend using any source as your only source.

    However, so far, and for other exams as well, I've proven to have a pretty good idea of how to interpret CompTIA's exam objectives, and I honestly think that 'in most cases' the information in the TechNotes is sufficient to answer 90% of the questions about the corresponding topic. But it also depends a lot on how much you know already. I.e. someone with MCSE:Security or a fair amount of real world experience would be able to pass the exam just by reading my TechNotes, especially with a Special Edition (just like for the Network+ exam). Anyway, time will tell.
    Feel free to leave your feedback in this post after you passed the exam. ;)
  • Webmaster Admin Posts: 10,292
    I finished some new TechNotes for the Security+ exam:

    Intrusion Detection Systems
    It covers intrusion detection systems concepts and characteristics. Passive vs active response, host vs network-based, signature vs behavior-based, limitations and drawbacks, and honey pots.

    I'm not going to give an ETA for the next one but it will be a lot less than 3 months...
  • jre50 Member Posts: 1
    Webmaster wrote:
    I finished some new TechNotes for the Security+ exam:

    Intrusion Detection Systems
    It covers intrusion detection systems concepts and characteristics. Passive vs active response, host vs network-based, signature vs behavior-based, limitations and drawbacks, and honey pots.

    I'm not going to give an ETA for the next one but it will be a lot less than 3 months...
    Thanks for all the info you have here. As an FYI, the link to the printer friendly version for Intrusion Detection System isn't working (pr_ids.php).
  • Webmaster Admin Posts: 10,292
    Thanks! I fixed the link.
  • RussS Member Posts: 2,068
    Most excellent Johan
    www.supercross.com
    FIM website of the year 2007
  • Webmaster Admin Posts: 10,292
    Thanks Russ, I'm glad you like it. :D
  • Webmaster Admin Posts: 10,292
    I just uploaded an updated version of the Access Control Models TechNotes, now named Access Control. It's a rewritten and extended version, mainly to improve readability and hopefully make this topic a bit easier to grasp.

    www.techexams.net/technotes/securityplus/mac_dac_rbac.shtml

    I'll post a new one in a couple of minutes...
  • RussS Member Posts: 2,068
    Dang Johan - you are writing those faster than I have time to read them. Take a long holiday my friend ;)
  • Webmaster Admin Posts: 10,292
    Holiday... you're right, I should, and I 'will' go this year. ;) I got all the remaining Security+ TechNotes in draft, so you can expect lots more this month, including updates of some other by now older Sec+ notes. This is mainly why I haven't added much material to the site lately. Because of the overlap and weird order of CompTIA's objectives for this exam I found it's more efficient to write them all in draft to get a better overview of what should be in the individual online notes. It may look fast but it's actually a very slow process of writing, researching, editing and rewriting.

    This next one was originally supposed to become a paragraph in the 'Attacks TechNotes', but ended up large enough to be a separate article:

    Spoofing
    Covers spoofing attacks such as IP spoofing, ARP spoofing, and spoofing websites.

    I hope you like it!

    Thanks,
    Johan
  • Webmaster Admin Posts: 10,292
    The following article is a combination of two different sections in the Security+ TechNotes PDF: the first half is an updated version of the Username/Password paragraph in the Authentication TechNotes, the second half is from the Attacks chapter. I've combined them into an article for the CertTimes this month. Since the text is not available in the current list of online TechNotes yet, you can use the following link to go directly to the article:

    www.techexams.net/technotes/securityplus/passwords.shtml

    It covers these exam objectives:

    DOMAIN 1.0: General Security Concepts

    1.2 Recognize and be able to differentiate and explain the following methods of authentication
    - Username / Password

    1.4 Recognize the following attacks and specify the appropriate actions to take to mitigate vulnerability and risk
    - Password Guessing
    -- Brute Force
    -- Dictionary
  • Webmaster Admin Posts: 10,292
    The following is another section from the Attacks TechNotes/chapter. I'll remove this post once I've finished the entire Attacks chapter and put that one online instead.

    [Edit: added to Attack TechNotes]
  • qsub Member Posts: 303
    Awesome, I'll be sure to check out the technotes before I do the exam.
    I got the second CD of the CBT nuggets to watch then study a 700 page book.

    Will be doing it at the end of July.
    World Cup 2006 - Zidane - Never Forget.
  • Webmaster Admin Posts: 10,292
    Following is another section from the Attack TechNotes/chapter:

    ********************************************************
    [Edit: added to Attack TechNotes]
  • Webmaster Admin Posts: 10,292
    This is a paragraph in the Attacks chapter covering the Back door item from the following exam objective. Some info was already covered in the Trojan Horses section of the Malicious Code TechNotes.

    1.4 Recognize the following attacks and specify the appropriate actions to take to mitigate vulnerability and risk
    - Back Door


    *********************************************************
    [Edit: added to Attack TechNotes]
    *********************************************************

    I'm almost done with the Attacks TechNotes, which in addition to the ones posted in this topic will also include Mathematical, Birthday, Man in the Middle, TCP Hijacking, and Replay attacks, as listed in the exam objectives.