562 | Chapter 9: Network+ Exam Prep and Practice

• It provides end-to-end security for Internet communications by using encryption.
• A Public Key Infrastructure (PKI) is required for end-to-end security using SSL.

Wired Equivalent Privacy (WEP)
• WEP is a security protocol used for IEEE 802.11 wireless networks.
• It is designed to provide privacy (confidentiality) to a wired network.
• A WEP-enabled client adds a 40-bit secret key to the data.
• The data is decrypted using the secret key on the receiving end to recover the plain text.
• The newer version of WEP uses 128-bit encryption keys.

Wi-Fi Protected Access (WPA)
• WPA overcomes many weaknesses found in WEP.
• It uses large encryption keys.
• It provides enhanced data encryption security by using a Temporal Key Integrity Protocol (TKIP).
• It uses several variations of Extensible Authentication Protocol (EAP) and public key cryptography.
• WPA can be used in a preshared key mode.
• Each user must know and use a passphrase to access the wireless network.

802.1x
• 802.1x is a secure authentication protocol that provides port-based access control.
• It is based on Extensible Authentication Protocol (EAP).
• Supplicant refers to the client software that needs access to a wireless access point.
• Authenticator refers to a centralized wireless access point that forwards authentication requests to an authentication server such as a RADIUS server.

Authentication protocols
• Authentication is the process of verifying the credentials of a user.
• Challenge Handshake Authentication Protocol (CHAP) periodically verifies the identity of the user.
• Microsoft Challenge Handshake Authentication Protocol (MS-CHAP) is a password-based authentication mechanism.
• Password Authentication Protocol (PAP) is the most basic form of authentication in which the username and password are transmitted in clear text.
• Extensible Authentication Protocol (EAP) is the most secure of all authentication mechanisms.
• Shiva Password Authentication Protocol (SPAP) is used for authentication to Shiva remote access servers.

Network+ Exam Highlighters Index | 563 Prep and Practice

Remote Authentication Dial-in User Service (RADIUS)
• The RADIUS server provides centralized authentication for remote users.
• RADIUS servers support several popular protocols such as PAP, CHAP, MS-CHAP, EAP, and SPAP.
• Large organizations use multiple RADIUS servers to distribute the authentication load.

Kerberos
• Kerberos is a cross-platform authentication protocol.
• It is used for mutual authentication of users and services.
• It requires a trusted third party.
• It works in a Key Distribution Center (KDC), which is used to issue secure encrypted keys and tokens.
• The tickets carry a timestamp and expire as soon as the user or the service logs off.
• Kerberos is dependent on synchronization of clocks on the clients and servers.

Network Implementation

This subsection covers a summary of highlights from the “Network Implementation” section in the Network+ Exam Study Guide.

Linux/Unix
• Linux is an open source operating system and is freely distributed.
• Users must supply a username and password to log on.
• Linux uses the Network File System (NFS) and Virtual File System (VFS) to manage files and folders.
• The Line Printer Daemon (LPD) provides printing services.
• Most server applications are third-party applications.
• Each object has an associated Access Control List (ACL).
• Linux ACLs are stored in text files such as hosts.allow and hosts.deny.

Mac OS X
• Mac OS X is designed for Apple computers.
• User authentication is provided through user accounts.
• Limited, standard, and administrator are three types of accounts.
• Mac OS X supports Hierarchical File System Plus (HFS+).
• Each file or folder in Mac OS X has associated sets of permissions.

NetWare
• NetWare is a full-featured network operating system.
• Several network services such as DHCP, DNS, Web, and FTP are built-in.
• NetWare also requires users to provide credentials such as username, password, Directory Context, and the name of the directory tree.
• The NetWare filesystem provides users access to hard disk partitions, known as volumes.
• NetWare supports Novell Distributed Print Services (NDPS) for printing.
• Access to resources in NetWare is controlled through NetWare Directory Services.

Windows 2000 Server and Windows Server 2003
• Windows 2000 Server and Windows Server 2003 are based on Active Directory.
• Active Directory is a centralized database that stores information about all objects.
• Servers running Active Directory services are called domain controllers.
• Objects include computers, users, groups, file shares, and printers.
• Windows networks operate in domains.
• Administrators apply group policies to domains or Organizational Units (OUs).
• Users are required to log on to the domain once only, upon which they are permitted access to objects listed within Active Directory.
• Windows servers use Kerberos authentication protocol by default.
• File and Print Sharing for Microsoft Networks provides file and print services.
• Windows servers provide file- and folder-level security using the NT File System (NTFS).
• Files can be stored and transmitted over the network in encrypted form.
• IP Security (IPSec) can be used for secure transmission of data in the LAN or over a WAN.

Network wiring tools
• A wire crimper is used to cut cable to length and attach a suitable connector.
• A punchdown tool is used to attach wires to a patch panel.
• Media testers or cable testers are used to test whether the cable is working properly.
• An Optical Time Domain Reflectometer (OTDR) is used to locate breaks in fiber optic cables.
• Tone generators and tone locators are used to find cable faults using audio signals.
• Loopback connectors/adapters are used to test the functionality of network ports.

Firewalls
• A firewall protects the internal network from outside networks.
• Packet-filtering firewalls inspect the contents of each IP packet.
• Packet-filtering firewalls work on two basic policies: Allow by Default and Deny by Default.
• Packet-filtering firewalls can be configured to allow or block traffic based on IP address, port number, protocol ID, and/or MAC address.
• Application layer firewalls work at the Application layer of the OSI model.
• They are also called application firewalls or application layer gateways.
• Application layer firewalls are much slower than packet-filtering firewalls.
• Stateful inspection firewalls actively monitor the state of the network traffic.

Proxy servers
• A proxy server allows network users to connect to the Internet in a secure manner.
• It allows better utilization of available Internet connection bandwidth.
• It stores web pages locally to improve performance by reducing response times.
• It helps track user activities while surfing web sites.
• It keeps the internal network secure from the Internet by hiding the internal IP addressing scheme.

Virtual Local Area Network (VLAN)
• A VLAN is a virtual or logical grouping of network devices.
• VLANs help reduce collisions by creating separate broadcast domains.
• Network switches that support VLAN protocols are used to create VLANs.
• VLANs are created on the basis of groups and memberships.
• A VLAN can span multiple physical network segments or multiple switches.
• A trunk carries network traffic between each switch that is part of the VLAN.

Intranet
• Intranet refers to a private internal network.
• It extends connectivity to remote employees through the Internet.
• A tunnel is created in the Internet using protocols such as PPTP and L2TP.

Extranet
• Extranets allow external clients to access internal resources.
• Extranets also allow partner organizations to connect their networks.
• They are implemented through VPNs or RAS.

Port blocking/filtering
• Port blocking is the process of blocking unwanted traffic from entering a network.
• Port filtering is configured on firewalls and proxy servers.
• Blocking a specific port at the firewall thus stops all external traffic.

Authentication
• Authentication is the method of verifying the identity of a person or a system.
• In a one-way authentication, only one of the entities verifies the identity of the other.
• In a two-way authentication, both entities verify one another’s identity.
• User credentials supplied for authentication can be transmitted in clear text or in encrypted form.

Username/password
• The username and password is the most common method of authentication.
• Passwords must be at least seven characters long and contain a combination of upper- and lowercase letters, numbers, and special characters.
• Passwords must not contain the full or partial first or last name of the user.
• Users must change their passwords periodically, and old passwords must not be reused.

Biometrics
• Biometrics devices identify a person based on her physical characteristics.
• Common biometrics include fingerprints and retinal scans.
• Handwriting, voice patterns, and body temperature are also used in biometrics.

Multifactor
• In multifactor authentication, many factors may be utilized.
• Something you know is a factor such as your password or PIN.
• Something you have is a factor such as your hardware token or a smart card.
• Something you are is a factor such as your fingerprints, your eye retina, or other biometrics that can be used for identity.
• Something you do is a factor such as your handwriting or your voice patterns.

Encryption
• Encryption applies an algorithm to plain text to produce an unreadable text.
• It ensures the confidentiality of messages.
• The integrity of a message ensures that the message has not been modified.
• Digital signatures provide data integrity and non-repudiation of data.
• Authentication refers to the verification of the identity of a person.
• Non-repudiation ensures that the sender cannot deny he sent the message.

Types of malicious codes
• Malicious code infects a user’s computer without his knowledge.
• Viruses and worms infect a system without any obvious commercial gains.
• Trojan horses, rootkits, and backdoors infect the target system and conceal the identity of the attacker.
• Spyware, botnets, and adware gather information about the user in order to gain some kind of commercial profit.
• A boot sector, or bootstrap, virus infects the first sector on the hard disk.
• A parasitic virus infects an executable file.

Disk fault tolerance
• Disk fault tolerance is achieved by using a Redundant Array of Inexpensive Disks (RAID).
• A RAID solution can be implemented either through the NOS or through dedicated hardware.
• A software-based RAID solution is inexpensive, but it is not as efficient as a hardware-based RAID solution.

RAID-1
• RAID-1, or disk mirroring, is inexpensive because it needs only two disks.
• It offers good read performance.
• Disk utilization is 50 percent because only one of the disks is used at a time.
• No special software is required.

RAID-5
• RAID-5 is also called disk striping with parity.
• If one of the disks fails, the data is rebuilt using the parity information.
• An equivalent of one full disk space is used for writing parity information.
• It offers good disk read performance but poor write performance.
• Hardware-based RAID-5 solutions are expensive but more efficient.
• Inexpensive RAID-5 solutions can be implemented through the NOS.

Server fault tolerance
• In a stand-by server configuration, two identical servers are used: a primary and a secondary.
• The secondary server monitors the heartbeats of the primary server to detect failures.
• Server clustering provides fault tolerance as well as high availability.

Power supply
• Redundant power supplies provide an alternate source of power.
• An Uninterruptible Power Supply (UPS) provides external redundancy.
• A UPS protects against the loss of data due to sudden power failure.
• It provides time to save necessary files and shut down the server properly.
• It protects expensive hardware from power threats such as spikes, surges, and sags.

Power problems
• A spike is a sharp increase in voltage for a very short period of time.
• A surge is a slightly longer increase in voltage, usually less intense than a spike.
• A sag is a sharp drop in voltage for a short period of time.
• A blackout is a complete failure of power supply.
• A brownout is a drop in voltage that lasts for a significant time.

Link redundancy
• Link redundancy ensures that a stand-by connection is available if the primary connection fails.
• Adapter teaming provides fault tolerance and improved performance.
• Adapter fault tolerance requires two network adapters.
• Adapter load balancing provides fault tolerance and also improved performance.
• Link aggregation effectively utilizes available network bandwidth.

Data backups
• A full backup backs up all the data in a single backup job.
• An incremental backup backs up the data that has changed after the last full or incremental backup was taken.
• A differential backup backs up the data that has changed since the last full backup.
• A copy backup copies all the data on the system.

Hot and cold spares
• Hot spares are installed inside critical servers and readily take over a failed component.
• Cold spares are installed inside a critical server but must be configured manually.
• Hot swapping is the ability of a server to allow replacement of a failed component while the server is powered on.
• Cold swapping does not allow replacement of failed components while the system is powered on.

Hot, warm, and cold sites
• A hot site is equipped with all necessary hardware and allows organizations to resume business activities almost immediately after a disaster.
• A warm site normally is equipped with necessary hardware but it is not fully configured.
• A cold site requires the maximum amount of time to be set up and made functional.

Network Support

This subsection covers a summary of highlights from the “Network Support” section in the Network+ Exam Study Guide.

tracert/traceroute
• This utility is used to trace the route from one host to another.
• It uses ICMP echo packets.
• If the network is congested, the output shows Request Timed Out.
• Windows operating systems use the commands: tracert <Hostname> or tracert <IPAddress>.
• Unix/Linux and Mac OS use the commands: traceroute <Hostname> or traceroute <IPAddress>.
• NetWare uses the command: iptrace

ping
• This utility is used to test connectivity between two TCP/IP hosts.
• It can also test whether name resolution is working or not.
• A Request Timed Out error means that the echo request did not get a response.
• A Destination Host Unreachable error appears when the host is not found.
• An Unknown Host error means that the hostname could not be resolved.
• A TTL Expired error means that no response was received before the TTL value reduced to zero.

Troubleshooting with ping
• Ping the local loopback address 127.0.0.1.
• Ping the IP address configured on the network interface of the local host.
• Ping the IP address of another host on the local network segment.
• Ping the IP address of the default gateway configured on the local host.
• Ping the IP address of a remote host.

arp
• The arp utility is used to resolve an IP address to the MAC address.
• Recently resolved MAC addresses are stored locally in the ARP cache.
• Dynamic entries are created automatically in the ARP cache.
• Static entries are added manually using the arp -s command.

netstat
• This utility displays the protocol statistics and current active TCP/IP connections.
• The output columns include protocol, local address and port number, foreign address and its port number, and the state of the connection.

nbtstat
• This utility is used only in Windows operating systems.
• It is used to display the NetBIOS over TCP/IP connection statistics.
• It is useful for diagnosing problems in Windows networks.

ipconfig
• This utility is used in Windows to display the TCP/IP configuration of the local host.
• When used with the /all parameter, it displays configuration of all network adapters.
• The ipconfig utility can also be used to release and renew IP configuration of a network adapter.

ifconfig
• This command is the Unix/Linux and Mac OS X equivalent of Windows ipconfig.
• It is used to display the TCP/IP configuration.

winipcfg
• This utility is used in Windows 95, Windows 98, and Windows ME.
• It displays current TCP/IP configuration settings.

nslookup
• This utility is used to diagnose name resolution problems.
• It can be executed in the interactive mode or in the noninteractive mode.
• In the noninteractive mode, it is run with one or two pieces of information.
• The interactive mode includes a number of subcommands, as listed in Table 8-25 in Chapter 8.

dig
• This command is used on Unix/Linux/Mac OS systems to perform DNS queries.
• Standard command parameters include the DNS server name, the name to be resolved, and the type of query.
• The query section displays the type and class of the DNS query.
• The answer section displays the name of the host and its IP address for which the query is being performed.
• The authority section displays information about authoritative DNS servers.

Troubleshooting with visual indicators
• No light or a yellow light indicates that the device or port is not operational, not connected, or faulty.
• A solid green light indicates that the device or port is connected but there is no activity.
• A flashing green light indicates that the device or port is functioning properly.
• A flashing amber light indicates that the network is congested and collisions are occurring.

Troubleshooting remote connectivity
• Users may not be allowed access due to file permissions.
• If a single client has a logon problem, make sure that the client is authorized to connect remotely.
• If multiple clients are having logon problems, check the RAS server or the authentication server.
• Make sure that all remote clients are using the correct TCP/IP configuration.
• Check the physical connectivity for DSL modems/cable modems/wireless access points.
• Check the LED indicators on modems and wireless access points and routers.
• Verify that a dial tone exists for dial-up modems.
• Verify the SSID settings on the access point and wireless clients.

Adding, removing, or modifying the DHCP service
• The DHCP service is used to dynamically assign IP addresses to clients.
• If a new DHCP server is added, the DHCP clients might need to be reconfigured to obtain and renew their IP addresses.
• If a DHCP server is removed, the clients will not be able to obtain or renew their IP addresses.
• If the DHCP server is not available for a long time, the clients will not be able to connect to the network.

Adding, removing, or modifying the DNS service
• The DNS service is used to resolve hostnames to IP addresses.
• If the DNS server is removed, the clients will not be able to connect using hostnames.
• Clients will still be able to connect using IP addresses.
• If a new DNS server is added, the reconfiguration of DHCP clients should be configured through the DHCP server by modifying the DHCP scope.

Adding, removing, or modifying the WINS service
• The WINS service is used to resolve NetBIOS names to IP addresses.
• If the WINS server is not available, Windows clients will use broadcasts to resolve computer names.
• Network broadcasts create significant network traffic and cause network congestion.
• If a new DNS server is added, the reconfiguration of DHCP clients should be configured through the DHCP server by modifying the DHCP scope.

Troubleshooting bus networks
• If the coaxial cable breaks, all computers will be disconnected.
• If one or both terminators are missing, the network is down.
• If the cable is not grounded, users will report intermittent connectivity problems.
• Addition or removal of computers from the bus network usually causes interruptions in network connectivity.
• If the network interface on a computer fails, it will also cause network failures.

Troubleshooting a star network
• Hubs and switches have LEDs to determine whether a port is connected or disconnected or whether there are collisions on the media.
• The hub or switch is the single point of failure, and all users in the segment will report connectivity problems.
• If only one user has a connectivity problem, trace the cable from his computer to the hub/switch and try to plug the cable into a different port, or replace the cable.
• If all new computers cannot connect, verify that the correct cable type and length is used.
• Make sure that patch panels and patch cables are connected properly.

[...]... a prime concern. It is also recommended that the candidate have passed the A+ and the Network+ exams before attempting to take this exam. It is a good idea to have studied a Security+ certification exam self-paced study guide or to have attended a training course before you attempt to take this. After all this, you will be ready to use this section of the book as your final exam preparation tool. The Security+...

with fundamental knowledge of authentication, access control, and auditing, also known as AAA in the computer security arena. Along with this, you will learn about different types of attacks and about malicious code that can cause significant damage to the organization’s security setup. The concepts discussed in the following section are as follows:
• Access control methods
• Authentication...

tables takes maximum administrative efforts and time in a large network?
❍ A. Static
❍ B. Dynamic
❍ C. Link state
❍ D. Distance vector
Answer A is correct. Static routing tables are created and maintained manually by administrators. In large networks, it is not possible to use this method because it takes significant administrative time and effort and is prone to typing errors.

15. Which of the following addresses... an invalid MAC address?
❍ A. 5F-00-AD-2E-E4-34
❍ B. 00-12-ED-AG-K7-9E
❍ C. 00-0C-B8-22-AC-F3
❍ D. 6A-7D-00-E5-A8-58
Answer B is correct. A MAC address can have numbers from 0 through 9, and letters from A to F.

16. Which of the following protocols uses a MAC address as part of the host address?
❍ A. TCP/IP
❍ B. IPX/SPX
❍ C. NetBEUI
❍ D. AppleTalk
Answer B is correct. The IPX/SPX suite of protocols uses a MAC address...

nondiscretionary, and the users who create an object may not have so-called “full control” over the object they create. The main purpose of MAC is to define a security architecture that makes evaluations of contexts based on security labels. In a nutshell, MAC is hardcoded and nondiscretionary, is universally applied to all objects by the operating system, and is sometimes also known as label-based access...

signals travel through radio waves, which can be affected by electromagnetic interference (EMI).

10. Identify the hardware associated with a network wired with coaxial cable. Select two answers.
❏ A. BNC connector
❏ B. Terminator
❏ C. RJ-11
❏ D. RJ-45
❏ E. SC
Answers A and B are correct. Coaxial cables use BNC connectors and 50-ohm terminators. The BNC T-connectors are...

MCSE/MCSA: Security track

586 | Chapter 10: Overview of Security+ Exam

Areas of Study for Security+ Exam

General Security Concepts
• Recognize and be able to differentiate and explain the following access control models:
— MAC (Mandatory Access Control)
— DAC (Discretionary Access Control)
— RBAC (Role Based Access Control)
• Recognize and be able to differentiate and explain the...

using the ping and the tracert/traceroute commands

Troubleshooting a wireless network
• Wireless signals degrade as they travel away from the access point.
• Prevent signal degradation by carefully locating the wireless antenna.
• Make sure that all wireless devices support the standard used on the network.
• Make sure that the AP and all clients are using the correct SSID.
• Make sure that the client is...

(Virtual Local Area Network)
— NAT (Network Address Translation)
— Tunneling
— Vulnerabilities
— Packet sniffing
— 8.3 naming conventions
• Recognize and understand administration of the following wireless technologies and concepts:
— WTLS (Wireless Transport Layer Security)
— 802.11 and 802.11x
— WEP/WAP (Wired Equivalent Privacy/Wireless Application...

creation, distribution, storage, expiration, and revocation of digital certificates

Operational and Organizational Security

This section covers concepts related to operational and organizational security. This includes a study of the physical security of the network, as well as creating backup and disaster recovery policies, security policies, and incident response policies. You will also learn about...