Security+ Study Guide

Chapter 1: General Security Concepts

Figure 1.1: The security triad

Figure 1.2: Operational Security Issues

Figure 1.3: A logon process occurring on a workstation

Figure 1.4: CHAP authentication

Figure 1.5: A certificate being issued once identification has been verified

Figure 1.6: Security token authentication

Figure 1.7: Kerberos authentication process

Figure 1.8: Two-factor authentication

Figure 1.9: The smart card authentication process

Figure 1.10: A typical LAN connection to the Internet

Figure 1.11: An Intranet network

Figure 1.12: A typical Extranet between two organizations

Figure 1.13: A typical DMZ

Figure 1.14: A typical segmented VLAN

Figure 1.15: A typical Internet connection to a local network

Figure 1.16: A typical tunnel

Figure 1.17: The business requirements of a security environment

Figure 1.18: Internal and external threats in an organization

Chapter 2: Know Your Enemy

Figure 2.1: Distributed Denial of Service attack

Figure 2.2: A back door attack in progress

Figure 2.3: A spoofing attack during logon

Figure 2.4: A man in the middle attack occurring between a client and a web server

Figure 2.5: A replay attack occurring

Figure 2.6: The TCP/IP protocol architecture layers

Figure 2.7: The encapsulation process of an e-mail message

Figure 2.8: An e-mail message sent by an e-mail client to an e-mail server

Figure 2.9: The TCP connection process

Figure 2.10: The Windows socket interface

Figure 2.11: TCP SYN flood attack

Figure 2.12: TCP sequence number attack

Figure 2.13: TCP/IP hijacking attack

Figure 2.14: A Smurf Attack underway against a network

Figure 2.15: Viruses spreading from an infected system using the network or removable media

Figure 2.16: An e-mail virus spreading geometrically to other users

Figure 2.17: The polymorphic virus changing characteristics

Figure 2.18: A stealth virus hiding in a disk boot sector

Figure 2.19: A Multipartite virus commencing an attack on a system

Figure 2.20: A logic bomb being initiated by a connection to the Internet and opening a word processing document

Chapter 3: Infrastructure and Connectivity

Figure 3.1: A typical network infrastructure

Figure 3.2: A proxy firewall blocking network access from external networks

Figure 3.3: A dual-homed firewall segregating two networks from each other

Figure 3.4: Router connecting a LAN to a WAN

Figure 3.5: A corporate network implementing routers for segmentation and security

Figure 3.6: Switching between two systems

Figure 3.7: Wireless access point and workstation

Figure 3.8: A RAS connection between a remote workstation and a Windows server

Figure 3.9: A modern digital PBX system integrating voice and data onto a single network connection

Figure 3.10: Two LANs being connected using a VPN across the Internet

Figure 3.11: An IDS and a firewall working together to secure a network

Figure 3.12: A mobile environment using WAP security

Figure 3.13: PPP using a single B channel on an ISDN connection

Figure 3.14: The RADIUS client manages the local connection and authenticates against a central server.

Figure 3.15: A TCP packet requesting a web page from a web server

Figure 3.16: E-mail connections between clients and a server

Figure 3.17: A web server providing streaming video, animations, and HTML data to a client

Figure 3.18: Coaxial cable construction

Figure 3.19: Common BNC connectors

Figure 3.20: Baseband versus broadband signaling

Figure 3.21: Network termination in a coax network

Figure 3.22: A vampire tap and a T-connector on a coax

Figure 3.23: UTP and STP cable construction

Figure 3.24: 10Base-T network with a sniffer attached at the hub

Figure 3.25: Commonly used fiber connectors

Figure 3.26: An inline fiber splitter

Figure 3.27: RF communications between two ground stations

Figure 3.28: Cellular network in a metropolitan area

Chapter 4: Monitoring Communications Activity

Figure 4.1: A typical NDS tree structure

Figure 4.2: NetBEUI network using a VPN over a TCP/IP network

Figure 4.3: WINS Server resolving TCP/IP addresses to names

Figure 4.4: An NFS device being mounted by a remote UNIX system

Figure 4.5: Tap locations used to monitor network traffic

Figure 4.6: The components of an IDS working together to provide network monitoring

Figure 4.7: An MD-IDS in action

Figure 4.8: AD-IDS using expert system technology to evaluate risks

Figure 4.9: N-IDS placement in a network determines what data will be analyzed.

Figure 4.10: A hub being used to attach the N-IDS to the network

Figure 4.11: IDS instructing TCP to reset all connections

Figure 4.12: IDS instructing the firewall to close Port 80 for 60 seconds to thwart an IIS attack

Figure 4.13: A network honey pot deceives an attacker and gathers intelligence.

Figure 4.14: A Host-based IDS interacting with the operating system

Figure 4.15: Incident response cycle

Figure 4.16: WTLS used between two WAP devices

Figure 4.17: The WAP protocol in action

Figure 4.18: A WAP gateway enabling a connection to WAP devices by the Internet

Figure 4.19: An IM network with worldwide users

Chapter 5: Implementing and Maintaining a Secure Network

Figure 5.1: NetBIOS binding to TCP/IP network protocol

Figure 5.2: Network binding in a Windows 98 system

Figure 5.3: Event view log of a Windows 2000 system

Figure 5.4: Hierarchical file structure used in Unix and other operating systems

Figure 5.5: E-mail virus scanner on an e-mail server

Figure 5.6: Network share connection

Figure 5.7: Directory structure showing unique identification of a user

Chapter 6: Working with a Secure Network

Figure 6.1: The three-layer security model

Figure 6.2: A mantrap in action

Figure 6.3: Network perimeter defense

Figure 6.4: Network security zones

Figure 6.5: Network partitioning separating networks from each other in a larger network

Figure 6.6: Cell system in a metropolitan area

Figure 6.7: Electromagnetic interference (EMI) pickup in a data cable

Figure 6.8: RF Desensitization occurring as a result of cellular phone interference

Figure 6.9: Water-based fire suppression system

Figure 6.10: Information breakdown

Figure 6.11: The Bell La-Padula model

Figure 6.12: The Biba model

Figure 6.13: The Clark-Wilson model

Figure 6.14: The Information Flow model

Figure 6.15: The Noninterference model

Chapter 7: Cryptography Basics and Methods

Figure 7.1: A simple transposition code in action

Figure 7.2: A very simple hashing process

Figure 7.3: Quantum cryptography being used to encrypt a message

Figure 7.4: Symmetric encryption system

Figure 7.5: A two-key system in use

Figure 7.6: Cryptographic systems protect data from internal and external disclosure.

Figure 7.7: A simple integrity checking process for an encrypted message

Figure 7.8: The MAC value is calculated by the sender and receiver using the same algorithm.

Figure 7.9: Digital signature processing steps

Figure 7.10: A one-time pad used for authentication

Figure 7.11: The Certificate Authority process

Figure 7.12: An RA relieving work from a CA

Figure 7.13: The LRA verifying identity for the CA

Figure 7.14: A certificate illustrating some of the information stored

Figure 7.15: Certificate revocation request

Figure 7.16: A hierarchical trust structure

Figure 7.17: A bridge trust structure

Figure 7.18: A mesh trust structure

Figure 7.19: A hybrid model

Chapter 8: Cryptography Standards

Figure 8.1: The RFC process for standards development

Figure 8.2: Organizational chart of the International Telecommunications Union

Figure 8.3: The SSL connection process

Figure 8.4: The TLS connection process

Figure 8.5: The ISAKMP Protocol negotiation and connection process

Figure 8.6: Two web-enabled systems communicating via the XKMS process

Figure 8.7: The SET transaction in process

Figure 8.8: The SSH connection-establishment process

Figure 8.9: The PGP encryption system

Figure 8.10: WTLS security between a PDA and a wireless server

Figure 8.11: A centralized key-generating facility

Figure 8.12: A distributed key-generating system

Figure 8.13: The KDC process in a Kerberos environment

Figure 8.14: The KEA process

Figure 8.15: The key archival system

Figure 8.16: Symmetrical and asymmetrical keys in use

Chapter 9: Security Policies and Procedures

Figure 9.1: Server clustering in a networked environment

Figure 9.2: The four primary RAID technologies used in systems

Figure 9.3: Database transaction auditing process

Figure 9.4: Grandfather, Father, Son backup method

Figure 9.5: Full Archival backup method

Figure 9.6: A backup server archiving server files

Figure 9.7: System regeneration process for a workstation or server

Figure 9.8: Parties in a certificate-based transaction

Figure 9.9: Privilege grouping

Figure 9.10: AD logon process validating a user