Topic 1: General Security Concepts

Your ability to understand the CIA triangle (Confidentiality, Integrity, and Availability) will help you in many questions that are indirectly related to the triangle on the exam. Remember that confidentiality refers to the idea that information should remain accessible only to those who are meant to access it; integrity is the concept that information should remain in the same form as it was originally intended (i.e. not maliciously changed); availability refers to the idea that information should be accessible (think Denial of Service).
Remember that access control refers to the ability to protect the confidentiality of information by controlling a user's access to that information. Remember the three types of authentication factors:
Type 1: What you know: Information, like passwords
Type 2: What you have: Items, like lock-and-key or cards
Type 3: What you are (Most secure): Biometrics, like fingerprints
Accountability refers to the idea that a user should be accountable for actions performed under his/her name. Non-repudiation is the idea that a user should not be able to repudiate that he/she is responsible for something (for example, a file may say it was edited by John, but how do we know John actually edited it?).
Make sure you understand Kerberos. Look back in the Security+ Study Guide if you do not. Here is a condensed sequence of events: the client sends login information to the KDC (Key Distribution Center), which verifies the client's credentials and sends a request to the TGS (Ticket Granting Service); the TGS sends a TGT (Ticket Granting Ticket) to the client.
Make sure you understand and can recognize each of these attacks, as you will be tested on at least two of these on the exam:
SYN Flood: Sending TCP packets to deny availability
ICMP Flood: Sending ICMP (usually ping) packets to deny availability
UDP Flood: Sending UDP packets to deny availability
Smurf: A special ICMP Flood attack that broadcasts ICMP requests
Buffer Overflow: Sending a malformed packet that overflows a memory address to deny availability and possibly gain privileges (destroying confidentiality/integrity)
Backdoor: Gain access through a secret program (Trojan horse)
Sniffing: Read information off the network
Spoofing: Hiding or disguising an address to make it appear that the requests come from another source
Man-in-the-Middle: Intercepting packets and changing the contents (denies confidentiality and integrity)
Replay: Session key sniffed and then used
Birthday attack: Probability-based
Social engineering: Low-tech attack on people who don't understand security
Virus: Propagates through user action (usually email)
Worm: Self-propagating and uses exploits
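The availability attacks in the list above leave recognizable traffic patterns. The following is an added example (not from the study guide) that runs simple detection logic over a constructed, hypothetical packet-summary format ("proto src dst flag", one packet per line): it flags a SYN flood as a source that opens many half-open handshakes (SYNs never followed by an ACK) and a Smurf attack as an ICMP echo request aimed at a broadcast address, where the "source" is the spoofed victim. The capture, the addresses and the /24 broadcast assumption are all constructed for the example.

```python
from collections import defaultdict

# Constructed packet summaries in a hypothetical "proto src dst flag" format.
# Not a real capture and not part of the study guide.
SAMPLE_CAPTURE = """\
tcp 203.0.113.7 192.0.2.10 SYN
tcp 203.0.113.7 192.0.2.10 SYN
tcp 203.0.113.7 192.0.2.10 SYN
tcp 203.0.113.7 192.0.2.10 SYN
tcp 203.0.113.7 192.0.2.10 SYN
tcp 203.0.113.7 192.0.2.10 SYN
tcp 198.51.100.20 192.0.2.10 SYN
tcp 198.51.100.20 192.0.2.10 ACK
tcp 198.51.100.20 192.0.2.10 PSH-ACK
icmp 192.0.2.10 198.51.100.255 echo-request
icmp 198.51.100.20 192.0.2.10 echo-request
"""


def parse_capture(text):
    """Turn the one-line-per-packet summary into a list of dicts."""
    packets = []
    for line in text.splitlines():
        if not line.strip():
            continue
        proto, src, dst, flag = line.split()
        packets.append({"proto": proto, "src": src, "dst": dst, "flag": flag})
    return packets


def syn_flood_sources(packets, threshold=5):
    """(src, dst) pairs where src sent at least `threshold` SYNs to dst and
    never sent an ACK to it: the half-open handshakes of a SYN flood."""
    syns = defaultdict(int)
    acked = set()
    for p in packets:
        if p["proto"] != "tcp":
            continue
        key = (p["src"], p["dst"])
        if p["flag"] == "SYN":
            syns[key] += 1
        elif "ACK" in p["flag"]:
            acked.add(key)
    return sorted(k for k, n in syns.items() if n >= threshold and k not in acked)


def is_broadcast(addr):
    # Assumption for this example: every network is a /24, so .255 is the
    # directed-broadcast address.
    return addr.endswith(".255")


def smurf_indicators(packets):
    """ICMP echo requests sent to a broadcast address. In a Smurf attack the
    source field is the spoofed victim, which receives every reply."""
    return [(p["src"], p["dst"]) for p in packets
            if p["proto"] == "icmp" and p["flag"] == "echo-request"
            and is_broadcast(p["dst"])]


if __name__ == "__main__":
    pkts = parse_capture(SAMPLE_CAPTURE)
    print("SYN flood suspects (src, dst):", syn_flood_sources(pkts))
    print("Smurf indicators (spoofed victim, broadcast):", smurf_indicators(pkts))
```

The threshold of five SYNs is arbitrary for the sample; on a real sensor it would be tuned to the host's normal connection rate, and the ICMP check would use the actual broadcast addresses of the monitored networks.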
Topic 2: Communication Security

Remote Access Technologies include PPP (widely used for dial-up TCP/IP access), PPTP (tunneled PPP), RADIUS (UDP-based), and TACACS+ (similar to RADIUS, but TCP-based and Cisco proprietary)
L2TP operates on the Data-Link layer; IPSec operates over Network layer and has two protocols: AH and ESP
S/MIME, MOSS, PEM, and PGP are all email security programs. PGP is popular and uses IDEA
Applets are programs that run in a browser: Some include C#, VB.Net, Java, and ActiveX
S-HTTP is connectionless while SSL is connection-oriented; SSL 3.0 is known as TLS
Cookies simply store information for websites to use (they are not inherently malicious)
S-FTP is FTP over SSH; TFTP offers no authentication or encryption
Active Directory is Microsoft's implementation of LDAP
Disk spanning allows a file system to be spread over multiple physical drives
WTLS is WAP's built-in security system and operates over TLS
802.11 is the standard for wireless, and includes sub-standards a, b, g, and n
SSID is the name of a network based in infrastructure mode
WEP is a weak security system for wireless LANs; WEP operates on Layers 1 and 2 (Physical and Data Link)
802.1x is a key management protocol that uses EAP
Topic 3: Infrastructure Security

Make sure you know some basic networking concepts and hardware:
Cladding is the glass insulator in fiber optic cabling
STP cabling is said to be shielded against EMI, or electrical interference
Also, for the Security+ exam, an understanding of the types of firewalls is essential:
Packet filtering: Works by examining headers
Circuit-level gateway: Maintains state information (connection-based)
Application-level gateway: Examines each packet coming in for content
Proxy server: Special application-level gateway that ensures no direct connection between an un-trusted and trusted network
ACL is the list that defines the rules that a packet filtering firewall follows
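To make the packet-filtering firewall and its ACL concrete, here is an added example (not from the study guide) of a first-match, default-deny packet filter written in Python. The rule syntax, the sample ACL and the sample packets are all constructed for the example; the point is that the filter decides using header fields only (protocol, source and destination address, destination port) and never looks at payload content, which is what separates it from an application-level gateway.

```python
from ipaddress import ip_address, ip_network

# Constructed ACL in a hypothetical rule format: first matching rule wins.
# "dport": None means "any destination port".
ACL = [
    # Packets arriving from outside must not claim an internal 10/8 source
    # (a basic anti-spoofing rule).
    {"action": "deny",   "proto": "any", "src": "10.0.0.0/8",   "dst": "any",           "dport": None},
    {"action": "permit", "proto": "tcp", "src": "any",          "dst": "192.0.2.10/32", "dport": 443},
    {"action": "permit", "proto": "tcp", "src": "any",          "dst": "192.0.2.10/32", "dport": 80},
    {"action": "permit", "proto": "udp", "src": "192.0.2.0/24", "dst": "any",           "dport": 53},
]


def _matches_addr(addr, spec):
    """True if the address is covered by the rule's address spec."""
    return spec == "any" or ip_address(addr) in ip_network(spec)


def filter_packet(acl, packet, default="deny"):
    """Return (action, index of the matching rule). Only header fields are
    examined; with no match the implicit default (deny) applies."""
    for i, rule in enumerate(acl):
        if rule["proto"] != "any" and rule["proto"] != packet["proto"]:
            continue
        if not _matches_addr(packet["src"], rule["src"]):
            continue
        if not _matches_addr(packet["dst"], rule["dst"]):
            continue
        if rule["dport"] is not None and rule["dport"] != packet.get("dport"):
            continue
        return rule["action"], i
    return default, None


# Constructed sample headers (no payload: the filter would not read it anyway).
SAMPLE_PACKETS = [
    {"proto": "tcp", "src": "203.0.113.5", "dst": "192.0.2.10",   "dport": 443},  # web client
    {"proto": "tcp", "src": "10.1.2.3",    "dst": "192.0.2.10",   "dport": 443},  # spoofed internal source
    {"proto": "tcp", "src": "203.0.113.5", "dst": "192.0.2.10",   "dport": 22},   # SSH: no rule permits it
    {"proto": "udp", "src": "192.0.2.20",  "dst": "198.51.100.1", "dport": 53},   # outbound DNS
]


def evaluate_all(acl, packets):
    return [filter_packet(acl, p) for p in packets]


if __name__ == "__main__":
    for pkt, (action, idx) in zip(SAMPLE_PACKETS, evaluate_all(ACL, SAMPLE_PACKETS)):
        print(f"{pkt['proto']} {pkt['src']} -> {pkt['dst']}:{pkt.get('dport')}  {action} (rule {idx})")
```

Rule order matters in a first-match filter: placing the anti-spoofing deny before the permits is what stops the second sample packet, and the SSH packet shows why an explicit default deny is safer than a default permit.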
The exam tests heavily on the security zone designs or topologies:
Screening router: One router between the trusted and un-trusted
Dual-homed gateway: A bastion host and router between trusted and un-trusted
Screened host gateway: A bastion host that can examine traffic between trusted and un-trusted
Screened-subnet: A bastion host (and DMZ zone) between two routers
It's important to understand the distinctions between IDS systems:
Active: Finds and attempts to circumvent threats (more susceptible to attacks)
Passive: Finds threats and alerts administrator
Network-based: Operates as independent network node
Host-based: Requires that special software be installed on each node
Knowledge-based: Works using signatures and known attacks
Behavior-based: Works by analyzing baseline vs. real-time network traffic
Relaying refers to the behavior of SMTP servers that will send a message from any source (should be disabled)
Patches fix security issues from vendors
Anonymous services allow access without authentication
Topic 4: Basics of Cryptography

The work factor of an algorithm refers to the amount of resources and time it takes for the algorithm to operate
A key is the value that can encrypt or decrypt text
Public-key or asymmetric algorithms are more scalable and easier to manage than symmetric or secret-key algorithms, but they require more overhead and are slower
End-to-End encryption refers to the idea that packets are encrypted at the source and decrypted at the destination
AES is a symmetric algorithm based on Rijndael Block Cipher
Block ciphers encrypt clear text block-by-block while stream ciphers encrypt text in real time
Symmetric algorithms include: DES, 3DES, AES, IDEA
Asymmetric algorithms include: Diffie-Hellman, RSA, El Gamal
Hashes do not allow for the decryption of cipher text. Think of a hash as a special type of cryptographic "one-way," one-to-one function
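The practical use of a one-way hash is an integrity check, and the HMAC row in the table at the end of this guide ("keyed digest") is the variant that also binds the check to a shared key. The following added example (not from the study guide) computes digests with Python's standard hashlib/hmac modules over a constructed message, confirms the digest sizes the table quotes for MD5 and SHA-1, and shows the difference that matters: anyone who alters a document can recompute a plain hash, but only a holder of the key can produce a matching HMAC. The message text and key are constructed for the example.

```python
import hashlib
import hmac

# Constructed sample data; the key is a stand-in for a real pre-shared secret.
DOCUMENT = b"Transfer 100 USD to account 1234"
TAMPERED = b"Transfer 900 USD to account 1234"
SHARED_KEY = b"constructed-demo-key-not-for-real-use"


def digest(data, algo="sha1"):
    """Hex digest of `data` under the named hash algorithm (unkeyed)."""
    return hashlib.new(algo, data).hexdigest()


def digest_bits(algo):
    """Digest length in bits, e.g. 128 for MD5 and 160 for SHA-1."""
    return hashlib.new(algo).digest_size * 8


def mac(key, data):
    """HMAC-SHA1 tag: a digest that cannot be recomputed without the key."""
    return hmac.new(key, data, hashlib.sha1).hexdigest()


def verify_mac(key, data, tag):
    """Constant-time comparison so the check itself does not leak the tag."""
    return hmac.compare_digest(mac(key, data), tag)


def integrity_demo():
    """Contrast a plain hash with a keyed digest on the same tampering."""
    genuine_hash = digest(DOCUMENT)
    # An attacker who edits the document simply recomputes the plain hash;
    # a receiver holding only hash + document cannot tell the difference.
    attacker_hash = digest(TAMPERED)

    genuine_tag = mac(SHARED_KEY, DOCUMENT)
    # Without the key the attacker can only guess at a tag.
    attacker_tag = mac(b"attacker-guess", TAMPERED)

    return {
        "hash_changes_when_data_changes": genuine_hash != attacker_hash,
        "plain_hash_recomputable_by_anyone": digest(TAMPERED) == attacker_hash,
        "mac_accepts_genuine": verify_mac(SHARED_KEY, DOCUMENT, genuine_tag),
        "mac_rejects_tampered_data": not verify_mac(SHARED_KEY, TAMPERED, genuine_tag),
        "mac_rejects_forged_tag": not verify_mac(SHARED_KEY, TAMPERED, attacker_tag),
    }


if __name__ == "__main__":
    print("MD5 digest bits:", digest_bits("md5"), "SHA-1 digest bits:", digest_bits("sha1"))
    for check, result in integrity_demo().items():
        print(f"{check}: {result}")
```

The first two results are the limits of an unkeyed hash: it detects accidental change but not deliberate substitution, because the hash travels with the data and anyone can regenerate it. The last three are what HMAC adds.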
Here is a brief overview of how asymmetric or public-key cryptography works:
Billy wants to send Sue information. Billy encrypts the information with Sue's public key, which everyone knows
Sue receives the information Billy sent and decrypts it with her private key, which only Sue knows
Sue sends Billy information back, encrypting it with his public key
Billy decrypts the information using his private key
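The Billy/Sue exchange above, carried out in code as an added example (not from the study guide). It uses textbook RSA in pure Python so the two key pairs, the encrypt-with-public/decrypt-with-private steps and the fact that the wrong private key yields garbage are all visible; the primes are Mersenne primes chosen for the example, and real systems use much larger random primes plus padding (OAEP), which this deliberately omits. The messages are constructed.

```python
from math import gcd


def make_keypair(p, q, e=65537):
    """Textbook RSA key generation from two primes. Returns (public, private)
    as (n, e) and (n, d). No padding, no randomness: for illustration only."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("public exponent must be coprime to phi(n)")
    d = pow(e, -1, phi)            # modular inverse, Python 3.8+
    return (n, e), (n, d)


def encrypt(public_key, message):
    """Anyone who knows the public key can do this step."""
    n, e = public_key
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this key (textbook RSA, no chunking)")
    return pow(m, e, n)


def decrypt(private_key, ciphertext):
    """Only the private-key holder can reverse the encryption."""
    n, d = private_key
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


# Constructed key pairs. 2^127-1, 2^89-1, 2^107-1 and 2^61-1 are known primes;
# they are far too small for real use but keep the example self-contained.
SUE_PUB, SUE_PRIV = make_keypair(2**127 - 1, 2**89 - 1)
BILLY_PUB, BILLY_PRIV = make_keypair(2**107 - 1, 2**61 - 1)


def exchange():
    """Both directions of the exchange described in the guide."""
    # Billy -> Sue: encrypt with Sue's public key, Sue decrypts with her private key.
    to_sue = encrypt(SUE_PUB, b"Meet at noon")
    sue_reads = decrypt(SUE_PRIV, to_sue)
    # Sue -> Billy: encrypt with Billy's public key, Billy decrypts with his private key.
    to_billy = encrypt(BILLY_PUB, b"Noon works")
    billy_reads = decrypt(BILLY_PRIV, to_billy)
    return sue_reads, billy_reads


def wrong_key_fails():
    """Billy's private key does not open a message meant for Sue."""
    to_sue = encrypt(SUE_PUB, b"Meet at noon")
    return decrypt(BILLY_PRIV, to_sue) != b"Meet at noon"


if __name__ == "__main__":
    print(exchange())
    print("wrong private key recovers the plaintext:", not wrong_key_fails())
```

Note what the exchange does not give you: nothing here proves to Sue that the message came from Billy, since anyone can encrypt with her public key. That is what signatures (encrypting a hash with the sender's private key) add on top of this confidentiality-only exchange.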
Topic 5: Organizational Security

Business Continuity Planning refers to continuing normal day-to-day operations after a disaster
Disaster Recovery Planning refers to fixing the problems a disaster causes
Backup types that you should know for the exam:
Full: The information is backed up in entirety
Differential: Only the data changed since the last full backup is backed up
Incremental: Only the data changed since the last full or incremental backup is backed up
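The three backup types trade storage per run against the number of backup sets needed for a restore. The following added example (not from the study guide) simulates a week of file changes with a constructed change history and computes, for each scheme, what each day's backup contains and which sets must be restored to recover the latest state; the history and file names are constructed, and the first day is assumed to be the full backup.

```python
# Constructed change history: day -> files modified (or created) that day.
# Monday's set is every file present when the full backup is taken.
HISTORY = {
    "Mon": {"a.doc", "b.xls", "c.db"},
    "Tue": {"b.xls"},
    "Wed": {"c.db"},
    "Thu": {"b.xls", "d.txt"},
}


def files_existing(history, day):
    """Every file seen up to and including `day` (a changed file is assumed
    to exist from then on)."""
    existing = set()
    for d in history:
        existing |= history[d]
        if d == day:
            break
    return existing


def backup_sets(history, scheme):
    """day -> files copied on that day under 'full', 'differential' or
    'incremental'. The first day is always the full backup."""
    days = list(history)
    full_day = days[0]
    sets = {full_day: set(history[full_day])}
    changed_since_full = set()
    for day in days[1:]:
        changed_since_full |= history[day]
        if scheme == "full":
            sets[day] = files_existing(history, day)        # everything, every time
        elif scheme == "differential":
            sets[day] = set(changed_since_full)             # since the last full
        elif scheme == "incremental":
            sets[day] = set(history[day])                   # since the previous backup
        else:
            raise ValueError(f"unknown scheme {scheme!r}")
    return sets


def restore_chain(history, scheme, day):
    """Which backup sets must be read, in order, to restore `day`."""
    days = list(history)
    if scheme == "full" or day == days[0]:
        return [day]
    if scheme == "differential":
        return [days[0], day]
    return days[: days.index(day) + 1]


def restore(history, scheme, day):
    """Replay the chain (later sets overwrite earlier ones) and return the
    recovered file set."""
    sets = backup_sets(history, scheme)
    recovered = set()
    for d in restore_chain(history, scheme, day):
        recovered |= sets[d]
    return recovered


if __name__ == "__main__":
    for scheme in ("full", "differential", "incremental"):
        sets = backup_sets(HISTORY, scheme)
        copied = sum(len(s) for s in sets.values())
        print(f"{scheme:12s} files copied over the week: {copied:2d}; "
              f"restore Thu needs {restore_chain(HISTORY, scheme, 'Thu')}")
```

Running it shows the classic trade-off: incremental copies the least but needs the whole chain (and loses data if any set in the chain is missing), differential grows each day but restores from two sets, and full copies everything daily but restores from one.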
The greatest amount of time that a system can withstand being non-operational is called the MTD, or maximum tolerable downtime
Risk analysis is the practice of assessing which threats are relevant and pressing
Topic 6: Tables & Charts

Cryptographic Algorithms and Protocols

Name           | Type          | Algorithm              | Size                                       | Strength    | Replaced By
---------------|---------------|------------------------|--------------------------------------------|-------------|------------
DES            | Symmetric     | Block cipher           | 64 bit (56 + 8 parity)                     | Very weak   | 3DES
3DES           | Symmetric     | Block cipher           | 192 bit (168 bit + 24 parity)              | Moderate    | AES
AES            | Symmetric     | Rijndael Block cipher  | Variable (128, 192, 256)                   | Strong      | N/A
RC5            | Symmetric     | RSA Block mode cipher  | Variable (up to 2048)                      | Very Strong | N/A
RSA            | Asymmetric    | Key transport          | 512                                        | Strong      | N/A
Diffie-Hellman | Asymmetric    | Key exchange           | N/A                                        | Moderate    | El Gamal
El Gamal       | Asymmetric    | Key exchange           | N/A                                        | Very Strong | N/A
MD5            | Hash (Digest) | Rivest MD5 Block Hash  | 512 bit block processing / 128 bit digest  | Strong      | SHA-1
SHA-1          | Hash          | Rivest SHA Hash        | 512-bit processing / 160 bit digest        | Very Strong | N/A
HMAC           | Hash          | Keyed Digest           | Variable                                   | Very Strong | N/A

MD6, et al.

Fire Suppression Technology

Fire Class | Fuel                         | Suppression Tech
-----------|------------------------------|---------------------------------
           | Common organic combustibles  | Water
           | Fuels                        | Carbon dioxide, soda acid, Halon
           | Electrical fires             | Carbon dioxide, Halon
           | Chemical                     | Halon, specialized agents

Remote Access Technologies

Name    | Type | Features                       | Protocol | Replaced By
--------|------|--------------------------------|----------|------------
PPP     | RAS  | PAP, CHAP, EAP                 | TCP/IP   | N/A
RADIUS  | RAS  | PAP, CHAP                      | UDP      | N/A
TACACS  | RAS  | PAP, CHAP                      | UDP      | TACACS+
TACACS+ | RAS  | Many                           | TCP      | N/A
PPTP    | VPN  | PPP tunneling, PAP, CHAP, EAP  | Layer 2  | L2F, L2TP
L2F     | VPN  | Cisco Based                    | Layer 2  | N/A
L2TP    | VPN  | Combines PPTP and Cisco        | Layer 2  | N/A
IPSec   | VPN  | Transport / Tunnel mode        | Layer 3  | N/A