Hub → sends every frame out all ports.
Switch → filters by port and MAC address, and has the capability to disable ports.
If you have ports on the switch that are not being used, it is a security best practice to
disable them so that they cannot be used.
Class B addresses have an IP address in which the value of the first octet
is between 128 and 191. Class B addresses have a default subnet mask of
255.255.0.0 or can be displayed as /16 at the end of the address.
Class C addresses have an IP address in which the value of the first octet
is between 192 and 223. In addition, class C addresses have a default
subnet mask of 255.255.255.0, which can be displayed as /24 at the end
of the address.
Although the OSI model is more of a Network+ topic, it is important to remember it for the
Security+ exam because it serves as background that can help you understand networking
technologies such as network devices and access control lists. For example, if you
understand the OSI model and you read an exam question that refers to a firewall
technology that can filter based on layer-3 or layer-4 information, then you know the
technology can filter based on source and destination IP addresses (layer 3) and TCP or
UDP port information (layer 4).
For the exam, remember that HTTP uses TCP port 80, while
HTTPS uses TCP port 443.
POP3 and IMAP4 are the Internet protocols for reading e-mail,
whereas SMTP is the Internet protocol for sending e-mail.
For the exam, remember that FTP is a protocol that uses two
ports. TCP port 21 carries the FTP commands from one system to
another, while TCP port 20 is responsible for transferring the data
between two hosts in an FTP session.
The Network Time Protocol (NTP) is used to synchronize the clocks of PCs
on a network or the Internet.
LDAP is the industry-standard protocol for accessing a directory service and is supported
by directory services such as Microsoft’s Active Directory. LDAP uses TCP port 389 by
default.
IPv4 uses a 32-bit addressing scheme, while IPv6 is a 128-bit address scheme that uses a
hexadecimal address format. For the Security+ exam, you will need to know the basics
about the IPv6 address scheme.
For the Security+ exam, you need to know that IPv6 uses a 128-bit address space. You may
also be asked to identify the IPv6 loopback address, 0:0:0:0:0:0:0:1.
For the Security+ exam, remember the most secure cable type to
use is fiber-optic cabling.
Chapter 2
Introduction to Security Terminology
One of the main goals of information security is to keep
information confidential. You can accomplish this by implementing
encryption of data and communications, and by implementing
access control concepts such as permissions.
For the exam, know that before you can be given access to
resources (authorization), you must first identify yourself to the
system. Your identification information is then verified against an
authentication database to verify that you can gain access to the
system or facility (this is known as authentication).
For the exam, know that the term collusion means multiple
persons involved in a task get together and take part in fraudulent
activity.
For the exam, be sure to know the difference between separation
of duties and rotation of duties.
For the exam, know the different types of actors that can
potentially be a security risk to your organization.
The following is a listing of some of the categories of information security you should be
focused on to follow this standard:
Risk Assessment
Security Policies
Security Organization
Asset Protection
Personnel Security
Physical and Environmental Security
Communication and Operation Management
Access Control
System Maintenance
Business Continuity
Types of Attacks
For the exam, know that tailgating is when someone tries to slip
through the door behind you after you unlock it. Also know that
mantraps are popular security controls to help protect against
tailgating.
E-mail hoaxes are e-mail messages that users receive giving a false
story and asking the user to take some type of action. For example, the hoax
could say a certain file is causing a serious flaw in the operating system.
The e-mail could tell the reader they should delete the file, but in reality
there is nothing wrong with the file, and it may be needed for information
on important features of the operating system.
For the exam, know that a logic bomb is a virus that waits for a specific
event, such as a certain date, before activating.
Do not confuse war dialing with war driving. War dialing is when
the hacker calls various numbers in hopes of locating a modem
connected to a phone line, while war driving is when the hacker uses
a wireless scanner to locate a wireless network.
For the Security+ exam, remember that any unused ports on the
switch should be disabled as part of the process of hardening the
network.
For the Security+ exam, be familiar with the fact that you should
secure areas of your network by segmenting networks into
communication boundaries. You can do that by breaking the
network into multiple networks and using access lists, or you can
create communication boundaries with VLANs on a switch.
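The layer-3/layer-4 filtering described in the OSI paragraph above and the access-list segmentation described here can be shown with a small access-list evaluator. This is an added example, not code from the study guide; the rule set, the 10.1.0.0/16 internal segment and the 192.0.2.0/24 DMZ are constructed values.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass
class Rule:
    action: str           # "permit" or "deny"
    proto: str            # "tcp", "udp" or "any" (layer-4 match)
    src: str              # source network in CIDR (layer-3 match)
    dst: str              # destination network in CIDR (layer-3 match)
    dport: Optional[int]  # destination port (layer-4 match); None = any port

# Constructed access list: an internal segment (10.1.0.0/16) may reach the DMZ web
# server only on HTTP/HTTPS; everything else toward the DMZ is denied; traffic that
# stays inside the internal segment is allowed. Rules are evaluated top to bottom,
# first match wins, and anything unmatched hits the implicit deny at the end.
ACL = [
    Rule("permit", "tcp", "10.1.0.0/16", "192.0.2.10/32", 443),  # HTTPS
    Rule("permit", "tcp", "10.1.0.0/16", "192.0.2.10/32", 80),   # HTTP
    Rule("deny",   "any", "10.1.0.0/16", "192.0.2.0/24", None),  # rest of DMZ blocked
    Rule("permit", "any", "10.1.0.0/16", "10.1.0.0/16", None),   # intra-segment traffic
]

def matches(rule: Rule, proto: str, src: str, dst: str, dport: int) -> bool:
    """True when the packet's layer-3 addresses and layer-4 fields fit the rule."""
    return (rule.proto in ("any", proto)
            and ip_address(src) in ip_network(rule.src)
            and ip_address(dst) in ip_network(rule.dst)
            and (rule.dport is None or rule.dport == dport))

def evaluate(acl, proto: str, src: str, dst: str, dport: int) -> str:
    """Return the action of the first matching rule, or 'deny' (implicit deny)."""
    for rule in acl:
        if matches(rule, proto, src, dst, dport):
            return rule.action
    return "deny"

if __name__ == "__main__":
    print(evaluate(ACL, "tcp", "10.1.5.7", "192.0.2.10", 443))  # permit
    print(evaluate(ACL, "tcp", "10.1.5.7", "192.0.2.10", 389))  # deny (LDAP to DMZ)
    print(evaluate(ACL, "tcp", "172.16.0.1", "10.1.9.9", 80))   # deny (implicit)
```

Note that the LDAP attempt is blocked by the explicit DMZ deny rule, while the packet from 172.16.0.1 matches no rule at all and falls through to the implicit deny.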
For the Security+ exam, remember that NAT is used to hide the
internal IP address scheme by having all systems send traffic out
the NAT device, which replaces the source IP address in the packet
with the public IP address of the NAT device.
WEP can use 64-bit or 128-bit encryption keys that are made up
of a 24-bit initialization vector (IV) and then a 40-bit key (for 64-bit
encryption) or a 104-bit key (for 128-bit encryption).
For the exam, remember that WEP uses RC4 and a static key for
encryption, while WPA uses a 128-bit key that is dynamically
generated by TKIP.
For the exam, remember that WPA2 uses CCMP with AES as
the symmetric encryption algorithm for data privacy, while WPA
uses TKIP.
For the Security+ exam, remember that the wireless access point
(antennas) should be placed in the center of the building, not close
to the outer walls of the building, in order to limit connections from
outsiders.
For the certification exam, know that WEP, WPA, and WPA2
encryption have been cracked. Understand that WPA2 should be
used because it is considered the most secure of the three, but
because it has also been cracked, you should treat wireless clients as
remote clients and use a VPN solution to secure the communication.
Authentication
The Security+ exam expects you to know the protocols that offer
authentication, authorization, and accounting (AAA) services to the
network. Remember that RADIUS, DIAMETER, and TACACS+
offer AAA services.
Access Control