Exam Notes for Security+

Page1    Page2    Page3    Page4    Page5    Page6    Page7

21. A company's security policy outlines the security measures to be taken. Implementing the security policy is the first thing that needs to be done.

22. DMZ is short for DeMilitalized Zone. If a company intends to host its own servers to be accessed from public Internet, a DMZ is most preferred solution. The network segment within the DMZ is secured by two firewalls, one interfacing with the public Internet, and the other interfacing the internal corporate network. Thus, a DMZ provides additional layer of security to internal corporate network. The type of servers that are hosted on DMZ may include web servers, email servers, file servers, DNS servers, etc.

23. According to the principle of least privilege, a user should be given only the minimum privileges that are required to do his/her works accurately and completely. Other choices are not appropriate.

24. Message Authentication Codes (MACs), also called "keyed hashes", are used to verify the authenticity of a message. Let us say, Jane (the sender of a message) and Mike (the recipient) share a secret key. Jane uses the message and the key to compute the MAC, and sends the MAC along with the message. When Mike receives the message, he computes the MAC, and then checks to see if his MAC matches Jane’s. If it does, then he knows the message is from Jane and that nobody has changed it since she sent it.

25. Digital Signatures and Encryption:

• Digital signature ensures that the sender cannot repudiate having sent the message at a future date.
• Encryption ensures that the message cannot be read by any person who do not have matching key to decode the coded message
• Hashing ensures that the message is not tampered with, during transit or storage. Note that Hashing not necessarily encode or encrypt a message.

26. Secret-key encryption is also known as single-key or symmetric encryption. It involves the use of a single key that is shared by both the sender and the receiver of the message.Typically, the sender encrypts the message with a key and transmits the message to the recipient. The recipient then decrypts it by using a copy of the same key used to encrypt it.

27. Confidentiality ensures that a message is not disclosed to any unintended parties. Note that integrity is to do with the correctness of information, and authorization refers to privileges to access a given resource. Authentication is used in conjunction with validation of a user or a process to login.

28. Given below are some of the widely known password guessing methods:
1. dictionary
2. birthday
3. brute force
4. rainbow tables

1. dictionary: this is the method in which dictionary terms are used for guessing a password.
2. birthday: It takes advantage of probabilities, much like two people in a 50-person room shared the same birthday. With every person, the chances of two people having the same birth date increases. In the same way, when you start guessing the password, the chances of a hit keep increasing.
3. brute force: In a Brute Force attack, muscle (in this case, CPU and/or network muscle) is applied to break through a particular security mechanism, rather than using particular intelligence or logic. “Brute force” is most commonly applied to password guessing, taking advantage of computer power available to an attacker, to try every possible password value, until the right one is found. In cryptography, a brute-force attack is an attempt to recover a cryptographic key or password by trying every possible combination until the correct one is found. How quickly this can be done depends on the size of the key, and the computing resources applied.
4. rainbow tables: Rainbow tables are huge lists of keys or passwords. A password-guessing program uses these lists of keys or passwords rather than generating each key or password itself.

29. Computer based access controls prescribe not only who or what process may have access to a given resource, but also the type of access that is permitted. These controls may be implemented in the computer system or in external devices. Different types of access control are:
5. Mandatory access control
6. Discretionary access control
7. Rule based access control
8. Role based access control

Mandatory Access Control (MAC) secures information by assigning sensitivity labels on objects (resources) and comparing this to the level of sensitivity a subject (user) is operating at. MAC ensures that all users only have access to that data for which they have matching or greater security label (or security clearance). In general, MAC access control mechanisms are more secure than DAC. MAC is usually appropriate for extremely secure systems including multilevel secure military applications or mission critical data applications.

Discretionary Access Control (DAC): Discretionary Access Control (DAC) is a means of restricting access to information based on the identity of users and/or membership in certain groups. Access decisions are typically based on the authorizations granted to a user based on the credentials he presented at the time of authentication (user name, password, hardware/software token, etc.). In most typical DAC models, the owner of information or any resource is able to change its permissions at his discretion. DAC has the drawback of the administrators not being able to centrally manage these permissions on files/information stored on the web server.

Role Based Access Control (RBAC): In Role-Based Access Control (RBAC), access decisions are based on an individual's roles and responsibilities within the organization. For instance, in a corporation, the different roles of users may include those such as chief executive, manager, executive, and clerk. Obviously, these members require different levels of access in order to perform their functions, but also the types of web transactions and their allowed context vary greatly depending on the security policy. In Role Based Access Control, the administrator sets the roles. Therefore, this type of access control is sometimes considered as a subset of MAC.

Rule Based Access Control (RBAC): The access to a resource in Rule Based Access Control is based a set of rules. ACLs (Access Control Lists) are used for this type of access control. In Rule Based Access Control, the administrator sets the rules. Therefore, this type of access control is sometimes considered as a subset of MAC.

30. 1. When a user first authenticates to Kerberos, he talks to the Authentication Service on the KDC to get a Ticket Granting Ticket (TGT). This ticket is encrypted with the user's password.

2. When the user wants to talk to a Kerberized service, he uses the TGT to talk to the Ticket Granting Service (TGS, also runs on the KDC). The TGS verifies the user's identity using the TGT and issues a ticket for the desired service.

The TGT ensures that a user doesn't have to enter in their password every time they wish to connect to a Kerberized service. The TGT usually expires after eight hours. If the Ticket Granting Ticket is compromised, an attacker can only masquerade as a user until the ticket expires.

The following are the important properties of Kerberos:
1. It uses symmetric encryption
2. Tickets are time stamped
3. Passwords are not sent over the network

31. The term "social engineering" refers to tricking someone into revealing useful information, such as a password. Social engineering can be used to collect any information an attacker might be interested in, such as the layout of your network, names and/or IP addresses of important servers, installed operating systems and software. The information is usually collected through phone calls or as new recruit or guest to your boss.
Phishing is the act of sending an e-mail to a user claiming to be a reputed organization (such as a bank) in an attempt to scam the user into providing information over the Internet. The e-mail directs the user to a Web site where they are prompted to provide private information, such as credit card, and bank account numbers, that the legitimate organization already has. The Web site, however, is bogus and set up only to steal the user’s information.
Vulnerability refers to what extent a system is prone to attack from a hacker.
Soft intrusion is a fictitious answer.

32. Viruses, worms, and Trojan horses are all harmful pieces of software. The way they differ is how they infect the computers, and spread.

• Virus: A computer virus attaches itself to a program or file so it can spread from one computer to another. Almost all viruses are attached to an executable file, and it cannot infect your computer unless you run or open the malicious program. It is important to note that a virus cannot be spread without a human action, (such as running an infected program) to keep it going.
• Worm: Worms spread from computer to computer, but unlike a virus, it has the capability to travel without any help from a person. The danger with a worm is its capability to replicate itself. Unlike Virus, which sends out a single infection at a time, a Worm could send out hundreds or thousands of copies of itself, creating a huge devastating effect.
• Trojan Horse: The Trojan Horse, at first glance appears to be a useful software but will actually do damage once installed or run on your computer. Those on the receiving end of a Trojan Horse are usually tricked into opening it because it appears to be receiving legitimate software or file from a legitimate source.

33. Phishing is the practice of enticing unsuspecting Internet users to a fake Web site by using authentic-looking email with the legitimate organization's name, in an attempt to steal passwords, financial or personal information, or introduce a virus attack.

34. Simple Mail Transfer Protocol (SMTP), the main protocol used when sending email, does not include a way to authenticate where the email message originated. However, the mail server inserts a <Received:> header at the top of every email message. This gives us a message's route, making it possible to determine the origin of the message.
Email attachments from spammers usually contain malware, and one should never open such attachments.

35. A client authenticating itself to a server and that server authenticating itself to the client in such a way that both parties are assured of the others' identity is known as mutual or two-way authentication.

36. Zombies are malware that puts a computer under the control of a hacker. Hackers use zombies to launch DoS or DDoS attacks. The hacker infects several other computers through the zombie computer. Then the hacker sends commands to the zombie, which in turn sends the commands to slave computers. The zombie, along with slave computers start pushing enormous amount of useless data to target computer, making it unable to serve it legitimate purpose. This type of attack is known as DDoS attack.

37. Kerberos uses port 88 by default. FTP uses port 21, https uses port 443, and SNMP uses port 161.

38. Any business continuity planning preferably include the following:

• Redundant network connectivity
• Clustering
• Fault tolerance using Raid or similar technique
• Facilities management

39. Security policy planning should include the following:

• Due care, acting responsibly and doing right thing.
• Privacy, letting the employees and administrator know of the privacy issues
• Separation of duties
• Need to know, providing employees only the information required to perform their role or duties.
• Password management, auditing the passwords
• Disposal and destruction
• Human rights policies, and
• Incident response, should take care of response to an act.

40. There are five types of extinguishers:

• Water
• Dry chemical
• Halon
• Carbon dioxide
• Foam

Water is used with Class A fires. Regular dry chemical extinguishers have a sodium bicarbonate base and are effective on Class B and C fires. Carbon Dioxide Extinguishers are used primarily on Class C fires and are also effective on Class B fires. Halon Extinguishers are best used on Class B or C fires. Foam extinguishers are less commonly used.

Page1    Page2    Page3    Page4    Page5    Page6    Page7