Decrypting the Security+ Beta Exam Objectives Copyright 2002 AlphaGeekProductions. Copyright 2002 by AlphaGeekProductions. All rights reserved. Created in the United States of America. Except as permitted under the United States Copyright Act of 1976, No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means electronic or mechanical or by photocopying, recording, or otherwise without the prior permission of the publisher. The views expressed in this book are solely those of the Authors, and do not represent the views of any other party or parties. Created in United States of America UPC: 6-43977-21101-8 The sponsoring editor for this book was Bruce Moran and the production supervisor was Chad M. Bayer. Formatted by www.totalrecallpress.com Authors: Tcat Houser, Helen O'Boyle, Ian Kayne, and Angella Hebert Design Concepts: Bruce Moran This publication is not sponsored by, endorsed by, or affiliated with CompTIA, Inc. CompTIA®, A+®, Network+™, Server+™, I-Net+™, Linux+™, Security+™ The CompTIA logos and the Network+ logo are trademarks or registered trademarks of CompTIA, Inc. in the United States and certain other countries. All other trademarks are trademarks of their respective owners. Throughout this book, trademarked names are used. Rather than put a trademark symbol after every occurrence of a trademarked name, we used names in an editorial fashion only and to the benefit of the trademark owner. No intention of infringement on trademarks is intended. This publication does not constitute an endorsement of any mentioned product by the authors. Disclaimer Notice: Judgments as to the suitability of the information herein for purchaser’s purposes are necessarily the purchaser’s responsibility. BeachFront Quizzer, Inc. and TotalRecall Press extends no warranties, makes no representations, and assumes no responsibility as to the accuracy or suitability of such information for application to the purchaser’s intended purposes or for consequences of its use except as described in the Guarantee. LICENSE This Document is FREE to everyone. You are FREE to distribute and use this document for non-commercial purposes. This material is protected by copyright 2002 AlphaGeekProductions. This work was “Frozen” 08/23/02_ 18:35 Michael Toennessen Instructional Technology Specialist Meeker Junior High School Kent School District #415 NO WARRANTY BECAUSE THIS DOCUMENT IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THIS CONTENT, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THIS DOCUMENT "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK OF USE OF THIS CONTENT IS WITH YOU. SHOULD THIS CONTENT PROVE FAULTY, INACCURATE, OR OTHERWISE UNACCEPTABLE YOU ASSUME THE COST OF ALL NECESSARY REPAIR OR CORRECTION. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MIRROR AND/OR REDISTRIBUTE THIS CONTENT AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE OC, EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. THIS CONTENT WAS CREATED ACCORDING TO A COMMON BODY OF KNOWLEDGE RELATING TO SECURITY ISSUES. AT THE TIME OF CREATION, SECURITY+ CERTIFCATION HAS NOT BEEN RELEASED. THEREFORE IT IS IMPOSSIBLE TO OFFER ANY WARRANTIES AS TO ACCURACY OR REVELANCE TO SECURITY+. This book is dedicated to the all the folks willing to ‘take the whooping’ that the Security+ IT beta test delivers to the mind and body. Tcat Houser My work on this study guide is dedicated to the denizens of Virginia Commonwealth University computer labs, without whose presence in my life as friends, mentors and occasional adversaries of a white hat who just wanted to learn, I might never have discovered how enjoyable the field of computer security could be, or learned as much about it as I did there. Helen O’Boyle This is for Gillian and Eddie. Ian Kayne I dedicate the success of this effort to all of the loved ones who gave us moral support through our 7 days of hell, the team members of this success for all roles played, and to the author I owe my sanity to Tcat. You are a strong leader with your expertise and make the desires in all of us run rampid when we think that all of the fires within us have been distinguished. You push us to the challenge. I thank you. Without that little extra you always seem to give, I could not have been such an active participant in this effort. Angella Hebert Decrypting the Security+ Beta Exam Objectives CompTIA Security+ For SYN-101 Examination About the Authors Tcat Houser Tcat Houser (Network+, MCSE, Server+, CTT+) has garnered other milestones such as IBM PSE and Microsoft MCSE/MCT. This is the result of almost 40 years of “fussing with electronics”. When not writing or teaching, he is doing research. Tcat accomplishes so many tasks because to him, it isn’t work, its fun, and he has fun 18 hours a day, 7 days a week. You can reach him by sending mail to Tcat@Tcat.net or Author@totalrecallpress.com. Looking back at the last book where I (Tcat Houser) was the lead author (i-Net+ Exam Prep 1576105989) the independent reviews were very good, and most readers understood that I had two intentions. One, ace the test. Two, supply the information to be a reference manual and/or alert the reader to upcoming technologies so as today’s hero, the reader was not tomorrow’s zero. In the two years since that release, I led a number of career changers through CompTIA and wrote my own courseware. Building on that learning, you have this release. Helen O’Boyle Helen O’Boyle (Network+, MCSE, MCSD, CTT+) has been working with computers for 20 years. Her background is quite varied in regards to both platforms and a complete interest in both the engineering of software and hardware. You may email her at Author@totalrecallpress.com o o r r Hoboyle@mindspring.com. Author@totalrecallpress.com Ian Kayne By day I’m a technical specialist with a focus on Internet & Security technologies. By night I’m a scene coder, laying down C++ with Win32, MFC and DirectX code purely for fun. I enjoy a challenge, whether it’s building pen-resistant systems or getting this mesh and that pixel shader to render faster. Working with everyone in different time zones and across the Atlantic has been fun. Certain people will understand the reference to Spirit ;). Angella Hebert A mom whose passions make her eager to learn while keeping her feet grounded. I contribute my proofreading and English skills. I enjoy the knowledge it gives and of course the friendships I have built along the way (Mr. Tcat himself). Chad Rees Cover Design and WebMaster About the EBook This manual is designed to provide information to help readers study for and pass CompTIA’s Security+ Beta certification exam. Every effort has been made to make this manual as complete and accurate as possible. Special Offer: We will accept PayPal Donations because while this work is free, food, etc. is not. If you do choose to send a $20 USD Donation or more, we will provide you a PDF file which will contain all of our Security reference work. This Security PDF file, will be released on or before November 01-2002. We estimate this will be about the time when Security+ goes live. Http://www.alphageekproductions.com A quick look at the Chapters included in this book: Read.Me 1 General Security Concepts (30%) 13 Communication Security (20%) 41 Infrastructure Security (20%) 87 Basics of Cryptography (15%) 159 Operational/Organizational Security (15%) 171 [...]... Difficulity (1-10) 4 on par with Network+ Fairness (1-10) 9 one of the more fair tests from CompTIA Decrypting the Security+ Beta Objectives 'hit rate' 93% Comments: DAMN glad we put the study guide out BEFORE the test Proves either we're oracle's or everyone wrote to the objectives, including the SME's If the material makes sense, the beta is yours Wish I had more time to have worked on PKI Had to guess... other words, a guide Today, some call a brain dump the revealing of actual test questions and suspected answers Well these fingers call the latter behavior illegal in the civilized word This body of work is a brain dump in the classic sense To make the point, we have frozen this work before the test goes to beta Decrypting the Security+ Beta Exam Objectives Copyright 2002 AlphaGeekProductions Free... Http://www.netlinknorthwest.com for the practical support with 802.11 www.TotalRecallPress.com for hosting the downloads These folks have contributed to your success without expectation of return Finally, best wishes from all of us to all of you The Decrypting the CompTIA Security+ Objectives Team Decrypting the Security+ Beta Exam Objectives Copyright 2002 AlphaGeekProductions Free to distribute and use for non-commercial... 199 Decrypting the Security+ Beta Exam Objectives Copyright 2002 AlphaGeekProductions Free to distribute and use for non-commercial purposes Decrypting the Security+ Beta Exam Objectives Copyright 2002 AlphaGeekProductions Free to distribute and use for non-commercial purposes VIII Acknowledgments Preface and Acknowledgments Helen and Tcat were working on what we thought Security+ should... that Security+ as a test focuses on the technical portion in what we refer to as the Triangle of Security This means we have gone beyond the Security+ test and given you a map to succeed and excel in the real world When you pass Security+ , you have our pat on the back, but tat does not make you a security guru Another group has put a fair amount of effort into security, which does not just focus on the. .. trick is to supply the data to the users in a form through which security can be properly applied to suit their own best interests Your authors do not mean to imply that most workers don’t care about their jobs Social engineering is the most successful form of attack used by the outside intruder For example, the first phone call reveals the name of the person in charge of the phone system The second phone... to know the make and model of the phone system This gives the intruders the data to make the third phone call to get a person do perform some simple step, as requested by (insert obtained name from the first call) With this, the intruders just got an employee, who thought they were doing their job, to prop open a door on the phone system for themselves A perfect example for this attack is the Kevin... Security Tao Tao is a term that generally means the subtle reality of the universe cannot be described While choosing the word Tao would seem to suggest it is not possible to describe security, our goal is to give you an outline on the general ‘how’ of security, without pretending to say, ‘step by step, here are all of your answers’ 7 http://www.c4i.org/isn.html Decrypting the Security+ Beta Exam Objectives. .. functioning as the outside perimeter The closer in you come to the airport, you find closed circuit TV and police Decrypting the Security+ Beta Exam Objectives Copyright 2002 AlphaGeekProductions Free to distribute and use for non-commercial purposes 8 Chapter 0000 Move to the inside of a terminal and you find in addition to the closed circuit TV and police, plain clothes (undercover) security forces,... information.” Other parts of this book show many examples of how such information can be found 8 ISBN 0-7356-1588-8 Decrypting the Security+ Beta Exam Objectives Copyright 2002 AlphaGeekProductions Free to distribute and use for non-commercial purposes Read.Me 9 Appendix B, The Ten Immutable Laws of Security and Appendix C The Ten Immutable Laws of Security Administration”, make this book a must have on the . from all of us to all of you. The Decrypting the CompTIA Security+ Objectives Team Decrypting the Security+ Beta Exam Objectives Copyright 2002 AlphaGeekProductions this effort. Angella Hebert Decrypting the Security+ Beta Exam Objectives CompTIA Security+ For SYN-101 Examination About the Authors Tcat Houser Tcat