The Security+ Cram Sheet

This Cram Sheet contains the distilled, key facts about the Security+ exam. Review this information as the last step before you enter the testing center, paying special attention to those areas where you feel that you need the most review.

Systems Security

1. Programming errors can result in system compromise, allowing someone to gain unauthorized privileges, known as privilege escalation.

2. Forms of system security threats include the following:
   - Viruses: Infect systems and spread copies of themselves
   - Trojans: Disguise malicious code within apparently useful applications
   - Logic bombs: Trigger on a particular condition
   - Worms: Self-replicating forms of other types of malicious code
   - Bots: Systems that can be controlled by outside sources
   - Rootkits: Piece of software that can be installed and hidden on a computer mainly for the purpose of compromising the system
   - Spyware: Software on your PC that is sending information about you and your surfing habits to a remote location
   - Spam: Term that refers to the sending of unsolicited email

Security Risks Pertaining to System Hardware and Peripherals

3. The BIOS can be compromised in several ways: BIOS password, known vulnerabilities, and bypassing access control.

4. Small, high-capacity, removable storage devices present a concern when it comes to corporate security and protecting proprietary information.

Online Vulnerabilities

5. Web vulnerabilities include the following:
   - Java and JavaScript
   - ActiveX controls
   - Cookies
   - CGI vulnerabilities
   - SMTP relay vulnerabilities

6. Protocol vulnerabilities include the following:
   - TLS
   - LDAP
   - FTP, including anonymous access and unencrypted authentication
   - Wireless protocols, including WEP key analysis

7. A site survey is necessary before deploying a WLAN.

Network Infrastructure Security

8. Denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks involve the disruption of normal network services and include the following types:
   - Smurf: An attack based on the ICMP echo reply
   - Fraggle: Smurf-like attack based on UDP packets
   - Ping flood: Blocks service through repeated pings
   - SYN flood: Repeated SYN requests without ACK
   - Land: Exploits TCP/IP stacks using spoofed SYNs (where the same source address and port appears in both source and destination elements)
   - Teardrop: An attack using overlapping, fragmented UDP packets that can't be reassembled correctly
   - Bonk: An attack on port 53 using fragmented UDP packets with bogus reassembly information
   - Boink: Bonk-like attack on multiple ports

9. A back door allows access to a system due to checks that were left open during the development stage.

10. Spoofing is the process of making data look as if it came from a trusted or legitimate origin.

11. Man-in-the-middle attacks involve the interception of traffic between two systems using a third system pretending to be the others.

12. Replay attacks involve the reposting of captured data.

13. TCP/IP hijacking involves taking control of a TCP/IP session.

14. Mathematical attacks involve cryptographic key cracking.

15. Password-guessing, brute-force, and dictionary attacks involve repeated guessing of logons and passwords.

16. A null session is a connection without specifying a username or password.

17. DNS poisoning allows a perpetrator to redirect traffic by changing the IP record for a specific domain, thus permitting the attacker to redirect legitimate traffic anywhere they choose.

18. In ARP poisoning, the attacker deceives a device on your network, poisoning its table associations of other devices.

19. Domain kiting refers to the practice of taking advantage of the add/grace period (AGP) to monopolize domain names without ever paying for them.

Applications

20. Host intrusion detection systems (HIDSs) are implemented to monitor event and application logs, port access, and other running processes.

21. Antivirus software is used to scan for any malicious code present in the system, whether downloaded or copied from other systems.

22. The main component of antispam software is heuristic filtering. Heuristic filtering has a predefined rule set that compares incoming email information against the rule set.

23. While some pop-ups are helpful, many are more of an annoyance and others can contain inappropriate content or entice the user to download malware.

24. Virtualization gives the organization more control over the environment because applications can be isolated and hardware resources can be shared.

Apply Network Tools

25. Firewalls separate external and internal networks and include the following types:
   - Packet-filtering firewalls (network layer, Layer 3)
   - Proxy-service firewalls, including circuit-level (session layer, Layer 5) and application-level (application layer, Layer 7) gateways
   - Stateful-inspection firewalls (application layer, Layer 7)

26. Network intrusion detection systems (NIDSs) are designed to catch attacks in progress within the network, not just on individual machines or the boundary between private and public networks.

27. Proxy servers can be placed between the private network and the Internet for Internet connectivity, or internally for web content caching.

28. Protocol analyzers can be placed in-line or in between the devices from which you want to capture the traffic.

Common Access Control Models

29. Access control includes considerations of direct access, network access, facilities, and the environment supporting a system.

30. Print and file sharing increases the risk of intruders being able to access any of the files on a computer's hard drive.

31. Every operating system object created has a security attribute that matches it to an access control list.

32. Identity proofing is an organizational process that binds users to authentication methods.

Access Control

33. Authentication involves determining the identity of the account attempting access to resources. Here are some key points:
   - Kerberos authentication is a ticket-based, symmetric-key authentication system involving a KDC. Kerberos v5 supports mutual authentication.
   - CHAP involves the exchange of hashed values for authentication.
   - Certificates are used within a PKI to provide an asymmetric-key solution.
   - Username and password combinations are the most common form of authentication.
   - Token-based authentication is a strong form requiring possession of the token.
   - Biometric authentication uses parts of the human body (hand, finger, iris, and so on) for authentication.

Remote Access

34. Remote access includes these items:
   - 802.11x wireless networking (Wi-Fi)
   - Virtual private network (VPN) connections
   - Dial-up using RADIUS, TACACS, or TACACS+
   - SSL connections
   - Packet-level authentication via IPsec in the network layer (Layer 3) of the OSI model
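The CHAP "exchange of hashed values" listed under item 33, worked through as an added example. This code is not from the cram sheet or its publisher; the shared secret, the Authenticator and Peer class names and the Identifier bookkeeping are assumptions made for illustration. It follows the RFC 1994 construction, in which the response is the MD5 digest of the one-octet Identifier, the shared secret and the challenge value, and it also shows why a fresh, single-use challenge per authentication defeats the replay attack described in item 12.

```python
from __future__ import annotations

import hashlib
import hmac
import os

# Constructed shared secret for this example; in CHAP it is configured out of band
# on both sides and is never sent over the link.
SHARED_SECRET = b"example-chap-secret"


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP response: MD5 over Identifier || secret || Challenge value."""
    if not 0 <= identifier <= 255:
        raise ValueError("CHAP Identifier is a single octet")
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class Authenticator:
    """The side that issues challenges and checks responses (e.g. the access server)."""

    def __init__(self, secret: bytes) -> None:
        self._secret = secret
        self._outstanding: dict[int, bytes] = {}  # Identifier -> challenge awaiting a response
        self._next_id = 0

    def challenge(self, length: int = 16) -> tuple[int, bytes]:
        """Send a Challenge packet: a new Identifier and a random challenge value."""
        ident = self._next_id
        self._next_id = (self._next_id + 1) % 256
        value = os.urandom(length)
        self._outstanding[ident] = value
        return ident, value

    def verify(self, ident: int, response: bytes) -> bool:
        """Check a Response packet; each challenge can be answered only once."""
        challenge = self._outstanding.pop(ident, None)
        if challenge is None:
            return False  # unknown or already-used Identifier: reject
        expected = chap_response(ident, self._secret, challenge)
        return hmac.compare_digest(expected, response)


class Peer:
    """The side proving it knows the secret (e.g. the dial-up client)."""

    def __init__(self, secret: bytes) -> None:
        self._secret = secret

    def respond(self, ident: int, challenge: bytes) -> bytes:
        return chap_response(ident, self._secret, challenge)


def run_exchange(peer_secret: bytes) -> bool:
    """One three-way CHAP exchange: Challenge -> Response -> Success/Failure."""
    authenticator = Authenticator(SHARED_SECRET)
    peer = Peer(peer_secret)
    ident, challenge = authenticator.challenge()   # 1. Challenge
    response = peer.respond(ident, challenge)       # 2. Response (only a hash crosses the link)
    return authenticator.verify(ident, response)    # 3. Success (True) or Failure (False)


def replay_is_rejected() -> bool:
    """A captured Response is useless later: the challenge it answered has been consumed."""
    authenticator = Authenticator(SHARED_SECRET)
    peer = Peer(SHARED_SECRET)
    ident, challenge = authenticator.challenge()
    captured = peer.respond(ident, challenge)
    first = authenticator.verify(ident, captured)             # legitimate use succeeds
    replayed_same = authenticator.verify(ident, captured)     # same Identifier again: rejected
    new_ident, _ = authenticator.challenge()
    replayed_new = authenticator.verify(new_ident, captured)  # old hash vs fresh challenge: rejected
    return first and not replayed_same and not replayed_new


if __name__ == "__main__":
    print("correct secret: ", run_exchange(SHARED_SECRET))
    print("wrong secret:   ", run_exchange(b"not-the-secret"))
    print("replay rejected:", replay_is_rejected())
```

The point to take from the exchange is that the secret itself never crosses the link, only a digest bound to a challenge the authenticator chose, so a peer that does not hold the secret cannot produce the expected value and a captured response cannot be reused against a later challenge.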
35. VPN connections use PPTP or L2TP connectivity.

36. SSH functions as a secure Telnet.

37. RAS allows remote dial-up (Telecom/PBX) or VPN connections.

Securing Connectivity

38. Email can be secured using the S/MIME or PGP protocols.

39. Email and instant messaging suffer from undesired messages (spam) and hoaxes.

40. Web connectivity can be secured using HTTPS, SSL, and TLS.

41. Access control includes MAC, DAC, and RBAC (Rule-Based Access Control or Role-Based Access Control).

Assessments and Audits

Intrusion Detection

42. Intrusion detection may be managed by two basic methods: knowledge-based and behavior-based detection.

43. An IDS monitors packet data using behavior-based or knowledge-based methods, operating in network-based or host-based configurations.

44. Honeypots and honeynets are used to study the actions of hackers, to distract them from more valuable data, and to keep them busy while collecting information about the attack patterns they use.

45. Incident handling may include detection, deflection, or countermeasures.

46. A security baseline is a measure of normal network activity against which behavior-based IDSs measure network traffic to detect anomalies.

47. Hardening is the process of securing a host, network, or application to resist attacks. Some key services that should be considered during hardening are web, email, FTP, DNS, NNTP, DHCP, file, print, and data repository servers.

Monitoring Tools

48. Useful network diagnostic tools include the following:
   - Ping
   - Tracert/traceroute
   - Nslookup
   - Netstat
   - IPConfig/ifconfig
   - Telnet
   - SNMP

49. Workstations, servers, and mobile devices (such as PDAs) require configuration to improve security beyond the default.

Cryptography

Algorithms

50. Symmetric-key algorithms depend on a shared single key for encryption and decryption. Examples include DES, 3DES, AES, Blowfish, IDEA, and the Rivest ciphers (RC2, RC4, RC5, and RC6).

51. Asymmetric-key algorithms use a public key for encryption and a private key for decryption. Examples include the RSA, Diffie-Hellman, El Gamal, and Elliptic Curve Cryptography standards.

52. A hashing algorithm uses a mathematical formula to verify data integrity. Examples include the SHA and the message digest series algorithms (MD2, MD4, and MD5).

Concepts of Using Cryptography

53. Cryptographic encryption improves confidentiality.

54. Error checking within encryption/decryption schemes ensures data integrity. Digital signatures are used to sign data so that the recipient can verify the data's origin.

55. Cryptographic routines can perform authentication and provide for nonrepudiation of data origin.

56. Cryptographic methods may be used for access control.

Public Key Infrastructure (PKI)

57. PKI relies on asymmetric-key cryptography using certificates issued by an authentication certificate authority (CA) such as VeriSign.

58. Certificates are digitally signed blocks of data that may be used within a PKI setting. Some things to remember about certificates include the following:
   - Certificate policies specify the uses for a certificate as well as additional technical data.
   - A Certificate Practice Statement (CPS) is a legal document that details the purpose of conveying information using a certificate.
   - Certificates can be revoked before their expiration date.
   - A CRL is used when verification of a digital certificate takes place to ensure the validity of the digital certificate.
   - A newer mechanism for identifying revoked certificates is the Online Certificate Status Protocol (OCSP).

59. Certificate authorities may be grouped into several trust models, including the following:
   - Single CA: Uses a single CA
   - Hierarchical CA: Uses a root CA and subordinate CAs
   - Bridge CA: Uses a bridge CA and principal CAs

60. IPsec consists of AH, ESP, IPComp, and IKE.

Key Management and Certificate Lifecycle

61. Key management and the certificate lifecycle support PKI solutions through the process of creating, using, and then destroying public keys and the digital certificates they are associated with. The lifecycle includes the following parts:
   - Key generation: A public key pair is created and held by the CA.
   - Identity submission: The requesting entity submits its identity to the CA.
   - Registration: The CA registers the request and verifies the submitted identity.
   - Certification: The CA creates a certificate signed by its own digital certificate.
   - Distribution: The CA publishes the generated certificate.
   - Usage: The receiving entity is authorized to use the certificate only for its intended use.
   - Revocation and expiration: The certificate will expire or may be revoked earlier if needed.
   - Renewal: If needed, a new key pair can be generated and the certificate renewed.
   - Recovery: Recovery is possible if a certifying key is compromised but the holder is still valid and trusted.
   - Archiving: The certificates and their uses are stored.

62. Key management may be either centralized or decentralized.

63. Key escrow occurs when a CA or other entity maintains a copy of the private key associated with the public key signed by the CA.

64. Multiple key pairs will require multiple certificates.

Organizational Security

Redundancy Planning

65. A disaster recovery plan (DRP) details considerations for backup and restoration, including secure recovery methods. Some of the items within the DRP are impact and risk assessments and service-level agreements (SLAs) with suppliers and vendors.

66. A business continuity plan details the procedures to follow to reestablish proper connectivity as well as the facilities needed to restore data in the event of a catastrophic loss. Items of consideration include network connectivity, facilities, clustering, and fault tolerance.

67. Backups may be full, incremental, differential, daily, or copy.

68. RAID organizes multiple disks into a large, high-performance logical disk:
   - RAID 0: Striped disk array without fault tolerance
   - RAID 1: Mirroring and duplexing with fault tolerance
   - RAID 5: Independent data disks with distributed parity blocks for fault tolerance

Security Policies and Procedures

69. Security policies define guidelines and specifications for general types of security considerations. Policies include risk assessment, security, acceptable use, and compliance. Procedures are step-by-step items defined within each policy that specify the responsible agents, actions to be taken, and methods for proper reporting.

70. Risk identification includes asset identification, risk assessment, threat identification and classification, and identification of vulnerabilities.

71. Education is required to ensure that users are aware of required and recommended security guidelines.

72. All aspects of security must be documented, including security policies, architecture documentation, as well as retention and disposal procedures for each form of documentation and storage media.

73. Computer forensic analysis includes the need to establish a clear chain of custody, properly collect the evidence, correctly perform the investigation, document all actions and findings, preserve all evidence and documentation, and prepare to provide expert testimony or consultation if
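Item 68 lists RAID 5 as independent data disks with distributed parity blocks for fault tolerance. The following added example (not code from the cram sheet or its publisher; the disk count, block size and function names are assumptions chosen for illustration) stripes constructed data across a small array with the parity block rotating from stripe to stripe, then rebuilds the blocks of one failed disk by XORing the surviving blocks in each stripe. It also shows the limit of single parity: with two disks missing from the same stripe, the data cannot be recovered, which is the gap a backup plan (item 67) has to cover.

```python
from __future__ import annotations


def xor_blocks(blocks: list[bytes]) -> bytes:
    """XOR equal-length blocks together; this is the whole of RAID 5 parity arithmetic."""
    out = bytearray(len(blocks[0]))
    for block in blocks:
        for i, byte in enumerate(block):
            out[i] ^= byte
    return bytes(out)


def raid5_write(data: bytes, ndisks: int, block_size: int) -> list[list[bytes]]:
    """Stripe data over ndisks, placing one parity block per stripe on a rotating disk."""
    if ndisks < 3:
        raise ValueError("RAID 5 needs at least three disks")
    data_per_stripe = block_size * (ndisks - 1)
    padded = data + b"\x00" * (-len(data) % data_per_stripe)  # pad to whole stripes
    disks: list[list[bytes]] = [[] for _ in range(ndisks)]
    for stripe_no in range(len(padded) // data_per_stripe):
        chunk = padded[stripe_no * data_per_stripe:(stripe_no + 1) * data_per_stripe]
        data_blocks = [chunk[i * block_size:(i + 1) * block_size] for i in range(ndisks - 1)]
        parity_disk = stripe_no % ndisks  # distributed parity: a different disk each stripe
        parity = xor_blocks(data_blocks)
        remaining = iter(data_blocks)
        for disk_no in range(ndisks):
            disks[disk_no].append(parity if disk_no == parity_disk else next(remaining))
    return disks


def raid5_read(disks: list[list[bytes]], length: int,
               failed: set[int] | None = None) -> bytes | None:
    """Read the data back; one failed disk is rebuilt from parity, two or more cannot be."""
    failed = failed or set()
    if len(failed) > 1:
        return None  # single parity can replace exactly one missing block per stripe
    ndisks = len(disks)
    out = bytearray()
    for stripe_no in range(len(disks[0])):
        parity_disk = stripe_no % ndisks
        stripe: list[bytes] = []
        for disk_no in range(ndisks):
            if disk_no in failed:
                survivors = [disks[other][stripe_no] for other in range(ndisks) if other != disk_no]
                stripe.append(xor_blocks(survivors))  # rebuild the missing block (data or parity)
            else:
                stripe.append(disks[disk_no][stripe_no])
        for disk_no in range(ndisks):
            if disk_no != parity_disk:  # parity blocks are not part of the user data
                out += stripe[disk_no]
    return bytes(out[:length])


if __name__ == "__main__":
    # Constructed sample payload: 768 bytes, striped over 4 disks with 16-byte blocks.
    payload = bytes(range(256)) * 3
    array = raid5_write(payload, ndisks=4, block_size=16)
    print("healthy read ok:      ", raid5_read(array, len(payload)) == payload)
    print("disk 2 failed, rebuilt:", raid5_read(array, len(payload), {2}) == payload)
    print("two disks failed:      ", raid5_read(array, len(payload), {0, 3}))
```

Because the parity disk rotates, every disk carries a mix of data and parity blocks, so the rebuild path has to handle both cases; the XOR of all surviving blocks in a stripe yields the missing block either way.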