Tuesday, August 27, 2013

Security+ Study Resources

If you're studying for the Security+ exam, you might like to check out some of these Security+ Study Resources.

Recent Security+ Blogs

Recent Security+ blogs posted on the Get Certified Get Ahead Blogs site.

Are you ready for the new performance based questions? This page has links to several blogs discussing them so that you won't be surprised by these new questions.

Security+ Acronyms Flashcards

CompTIA expects you to know and understand many acronyms when taking the Security+ exam.

This applet on the Get Certified Get Ahead site shows random Security+ acronyms as flashcards. These flashcards provide you with a quick reminder of many of the different Security+ related terms along with a short explanation.

The concepts are explained in greater depth in the full version of the CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide.

Here are a couple of screenshots for one of the acronyms:
Screenshot: Security+ Acronyms Flashcards (front)
Screenshot: Security+ Acronyms Flashcards (back)


Security+ Quiz

A Security+ quiz to help you test your comprehension of Security+ topics. The quiz randomizes the questions and answers, and provides a score at the end. After completing the quiz, you can review all the questions and answers.

Questions include in-depth explanations that you can review after completing the exam so you'll know why the correct answers are correct and why the incorrect answers are incorrect. This way no matter how CompTIA words the questions, you'll be able to answer them correctly.

Here's a screenshot of one of the questions. Can you get them all correct?
Security+ Quiz


Free - Security+ Flashcards

Check out this addition to the Get Certified Get Ahead site - Security+ Flashcards.

These flashcards are similar to the flashcards in the CompTIA Security+: Get Certified Get Ahead- SY0-401 Practice Test Questions Kindle version and the flashcards in the Learnzapp Security+ practice test questions app and are derived from the CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide.

Here are screenshots of one flashcard for Security+ objective 5.3.
Screenshots: Security+ Flashcards (front and back)
They work similar to how the Security+ Acronyms Flashcards work.


Security+ Study Guide

Pass the Security+ exam the first time you take it with the CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide.
  • Eleven chapters present topics in an easy to understand manner and include real-world examples of security principles in action.
  • The author uses many of the same analogies and explanations he's honed in the classroom. These analogies and explanations have helped hundreds of students master the Security+ content.
  • You'll understand the important and relevant security topics for the Security+ exam, without being overloaded with unnecessary details. You'll be ready to take and pass the exam the first time you take it.
  • Each chapter includes a comprehensive review section to help you focus on what's important.
  • Over 450 realistic practice test questions with in-depth explanations will help you test your comprehension and readiness for the exam.
  • Includes a 100 question pre-test, a 100 question post-test, and practice test questions at the end of every chapter.
  • Each practice test question includes a detailed explanation to help you understand the content and the reasoning behind the question.

Security+ Practice Test Questions Mobile App

Practice test questions for your mobile devices. Learnzapp has apps for a wide assortment of mobile devices including Apple, Android, Amazon, Nook, and Blackberry.
  • In-depth coverage of all six domains in the CompTIA Security+ SY0-401 exam.
  • App includes 275 realistic practice questions to help you assess your exam readiness.
  • Questions include in-depth explanations to help you understand why the correct answers are correct and the incorrect answers are incorrect.
  • 175 flashcards to help you review important testable concepts.
  • Buy once. Use on any device.
  • Amazing interactive user experience. Internet connection not required.

Security+ Practice Test Questions on Kindle

Check your readiness for the Security+ exam with the CompTIA Security+ SY0-401 Practice Test Questions (Get Certified Get Ahead)
book. Available in both paperback and Kindle format.
  • Includes 280 realistic practice test questions with in-depth explanations so that you'll know why the correct answers are correct, and why the incorrect answers are incorrect.
  • Kindle edition includes dozens of flash cards specifically formatted for the Kindle.
You can download free Kindle applications for just about any device from here.

The book is organized in six chapters matched to the six Security+ domains. Each chapter in the Kindle edition includes three sections:
  1. Practice test questions without answers. Created for readers that want to go through all the questions without seeing the correct answers or explanations.
  2. Practice test questions including answers formatted for the Kindle. One Kindle screen shows the question. When you decide what you think is the correct answer, go to the next Kindle screen to see the correct answer. Each question includes an in-depth explanation so you'll know why the correct answers are correct, and why the incorrect answers are incorrect.
  3. Flash cards formatted specifically for the Kindle to help reinforce important concepts. One Kindle screen shows a flash card type question and the next Kindle screen shows the answer.
The introduction includes details on the exam to give you an idea of what to expect.
Additionally, the acronym list at the end of the book provides relevant details on many of the acronyms referenced in the Security+ exam.

Security+ Audio Test Questions on Facebook

Learn by Listening

Supplement your studies with Security+ audio files read directly from the CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide. You can listen to them while on the go. A total of over 4 hours and 40 minutes are now available.

Listen to key topics from all the chapters of the top selling CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide, or focus on just the topics you want to brush up on.
  • Learn while driving or commuting
  • Learn while exercising
  • Learn any time

Note that these audio files are not the entire 556 page book which could easily be forty hours of listening time. Instead, they focus on key information to supplement your studies.

Choose from one of two audio downloads currently available or get them both.

You can get either the Remember This audio from the book to reaffirm key testable concepts, or the Practice Test Questions and Answers audio which includes full explanations to help you understand why the correct answers are correct, and why the incorrect answers are incorrect.

Listen on your iPod or MP3 player.

Free sample from chapter 8 available for a limited time. This audio sample includes the Remember This blocks from chapter 8 which are key topics to know for the exam.
Buy the Questions and Answers audio here.

Audio files read directly from the CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide by a professional voice actor.
Buy the Remember This audio here.



Free Security+ Practice Test Questions on Facebook

The Get Certified Get Ahead Facebook page is dedicated to helping people pass certification exams the first time they take them. Get certified and get ahead in your career.

It includes discussions, resources, and free practice test questions on the core three CompTIA certifications: A+, Network+, and Security+. Get Certified Get Ahead is hosted by Darril Gibson, author of over 30 books including successful books on A+, Network+, and Security+ certifications.

Check out the new Security+ Quiz on the Get Certified Get Ahead site.

Saturday, August 10, 2013

Get Certified Get Ahead

I have expanded many of my post topics to include much more than just the Security+ exam. With that in mind, I am posting these blogs on my Get Certified Get Ahead blogs page. Here are some links that might be useful:

  • Main pages: Get Certified Get Ahead main site; Get Certified Get Ahead blogs
  • Security+: Security+ blogs links; Security+ performance based questions
  • Network+: Network+ blogs links; Network+ performance based questions
  • A+: A+ blogs
  • Recent blogs: Tweets by Darril Gibson

Wednesday, July 24, 2013

Will This Certification Get Me A Job?

Will the Network+ Certification Get Me a Job?

Here's a question I often receive from people: "Will this certification get me a job?" It's sometimes worded a little differently. Here are a few variations.

Here's the Short Answer

No.

Long Answer

A certification helps you land an interview but is only a small part of a larger picture. Most companies are looking for someone who will be a good fit in the job within the company, and they are interested in much more than just what tests you can pass. However, if you can't pass the test, you often never get the interview.
Here's the typical process for someone pursuing and being offered a job:
  • An organization advertises for a job
  • You submit a resume (with or without a cover letter)
  • Your resume is picked as a possible candidate
  • You might be asked to complete one or more tests
  • You are asked to do one or more interviews
  • You are given an offer
  • You start your new job
Your certification and the underlying knowledge are important when your resume is reviewed, when you complete some technical pre-interview tests, and when you're interviewed. However, they aren't the only important element.

Rare Exception

With very few exceptions, you need more than a certification to get a job. Here's an example of a rare exception.

Imagine someone named Joe who recently left the U.S. military with a security clearance. Joe has very little IT experience but decides to pursue the A+ certification and earns it.

A contractor (called Acme, of Wile E. Coyote and Road Runner fame) has a contract with the U.S. DoD. One position recently opened up. It requires someone with an A+ certification and a security clearance. Normally, Acme gets $50 an hour for every hour a person is working in this position and pays $30 an hour to the person working in it. Acme is losing $20 an hour (or about $800 a week) for every hour this position remains unfilled.

If Joe applies and can prove he has an A+ certification, the clearance, and a pulse, he has the job.

Your goals

When pursuing a new job, you often have two short-term goals.
  • Get an interview. The first goal is to get an interview. You have the best chance of success here if your resume has the certifications and the knowledge/skillset required for the job. A cover letter (or email introduction) also helps.
  • Shine during the interview to get an offer. You need to demonstrate that you have the knowledge/skillset required by the job and that you are a good fit on the organization's team. This is often much more than your technical ability.
If you're not getting interviews, improve your resume and introduction process.

Check out this article: Skills mismatch hinders the hiring of new graduates, survey finds. It mentions that "Forty-nine percent of human resource officials polled by the professional organization said this year’s college graduates lack basic English skills in grammar and spelling." This is often reflected in applicants' resumes. A single typo can get your resume thrown in the rejection pile.

If you're not getting jobs after interviews, improve your interview techniques. Check out this article for five tips to help you during your next interview.

Elimination Phases

Hiring managers often have a very short time to look at a resume. When a job requires a certification, resumes without the certification are quickly eliminated. A hiring manager might have 100 resumes to fill a single job and this job requires a specific certification. He looks through them and sees that only about 10 include the certification. The rest are tossed aside.

If you have the certification they require, you'll make it to the next phase. However, just having this on your resume won't be enough.

Here's a resume tip I recently posted on the Get Certified Get Ahead Facebook page.

~~~ Resume Tip ~~~ Take the time to target your resume for every new position. Ensure each resume includes the key words of the position you’re applying for, so that it has a better chance of being noticed. Many employers and head hunters accept resumes online and put them into a database. They then search the databases with specific keywords. If you use a one-size-fits-all resume, you have less of a chance to get the interview and ultimately the job.

Testing  Phases

Some jobs require candidates to take one or more tests. Some tests are strictly technical, asking you multiple-choice technical questions. You aren't expected to ace them, but they often give the hiring managers an idea of your technical knowledge.

Other tests are deeper. Organizations sometimes use psychological tests to gauge how someone might interact with customers or how they might respond in a highly stressful environment. Again, perfect answers aren't expected, but they do give the hiring managers some insight.

One test that will surely eliminate you is a drug test. Many companies require you to submit to drug testing to see if you are a drug user.

Background Check Phase

It's common for an organization to do a background check on a potential employee at just about any point in the hiring process. A background check typically includes legal and financial checks.

Legal checks often include local, state, and national sources to see if a potential employee has any legal issues that might impact their employment. Legal issues won't necessarily eliminate a person from a job. As an example, it probably won't matter if a person with a recent speeding ticket is applying for a technical job that doesn't require driving.  On the other hand, if a person is asked and they lie about it, it will matter. 

Financial checks are used in many different ways. I remember a student in a class telling me that insurance companies frequently use financial checks when pricing insurance policies. A poor credit score typically results in a higher priced policy. Similarly, hiring managers might equate a poor credit score with a lower level of responsibility and use this as an elimination factor.

Interview Phases

During the interview phase, you have an opportunity to shine. You can expect to be asked about your knowledge and skill set related to the job and you should be able to easily talk about anything you've included on your resume.

If you list a Security+ certification, you might be asked about the certification, or content that someone that passed the certification would be expected to know. If your answers indicate that your resume claim is incorrect, expect to be eliminated. As an example, if your resume indicates you have a certification but you admit during the interview that you don't have it, expect to be eliminated.

You can also expect to be asked questions that will bring out your personality. These types of questions are rarely direct. However, how you respond, especially to questions you aren't prepared to answer, helps people understand you better. You won't hear questions like the following, but interviewers are often curious about the answers to them just the same.
  • Are you a goal-setting achiever? Or are you a quitter?
  • Do you enjoy participating in a team to help the company succeed? Or are you out for yourself only?
  • Are you friendly and do you look for the best in people? Or do you carry a chip on your shoulder, looking for the worst in others?

Summary - Certifications Make you Marketable

In summary, a certification can certainly make you marketable, but it isn't the only consideration for any job. You cannot expect any certification to get you a job. You can expect a certification to make you more marketable and help you land an interview. After that, it's up to you.

 

Wednesday, July 3, 2013

Identify Social Engineering Attacks


Can you identify different types of social engineering attacks in the Security+ exam?

The Security+ exam expects you to be able to analyze and differentiate different types of social engineering attacks, including shoulder surfing, dumpster diving, tailgating, impersonation, hoaxes, whaling, phishing, and vishing. You might even see a performance based question related to these types of attacks.

Social engineering is the practice of using social tactics to gain information. It’s often low-tech and encourages individuals to do something they wouldn’t normally do, or causes them to reveal some piece of information, such as their user credentials.

Some of the individual methods and techniques include:
  • Flattery and conning
  • Assuming a position of authority
  • Encouraging someone to perform a risky action
  • Encouraging someone to reveal sensitive information
  • Impersonating someone, such as an authorized technician
  • Tailgating or closely following authorized personnel without providing credentials

Performance Based Questions

Topics such as identifying attacks are ideally suited for the new performance based questions on the CompTIA Security+ exam. Instead of answering a multiple choice question, you might need to identify an attack and match it to the most likely target. If you're unfamiliar with the new performance based questions, check out these blogs too:

Matching Attacks Practice Question

The following table includes three columns: attack methods, attack targets, and attack types. However, they are jumbled and not in the correct order.

Would you be able to rearrange the items in the table so that each attack method is matched to the appropriate attack target and attack type? Each attack method, attack target, and attack type is used only once so your solution needs to ensure that all choices are used.
Attack Methods       Attack Targets    Attack Types
Internet Web Page    CEO               Rogueware
Phone Attacker       User              Vishing
Email                Receptionist      Whaling
Pass the Security+ exam the first time you take it: CompTIA Security+: Get Certified Get Ahead: SY0-301 Study Guide

Phishing and Whaling

Phishing is the practice of sending e-mail to users with the purpose of tricking them into revealing personal information or clicking on a link. A phishing attack will often send the user to a malicious website that appears to the user as a legitimate site.

The classic example is where a user receives an e-mail that looks like it came from eBay, PayPal, a bank, or some other well-known company. The “phisher” doesn’t know if the recipient has an account at the company, just as a fisherman doesn’t know if any fish are in the water where he casts his line. However, if the attacker sends out enough e-mails, the odds are good that someone who receives the e-mail has an account.

Whaling is a form of spear phishing that attempts to target high-level executives.

As an example, attackers singled out as many as twenty thousand senior corporate executives in a fine-tuned whaling attack a few years ago. The e-mails looked like official subpoenas requiring the recipient to appear before a federal grand jury and included the executive’s full name and other details, such as their company name and phone number.

The e-mails also included a link for more details about the subpoena. If the executives clicked the link, it took them to a website that indicated they needed a browser add-on to read the document. If they approved this installation, they actually installed a keylogger and malware. The keylogger recorded all their keystrokes to a file, and the malware gave the attackers remote access to the executive’s systems.

Similar whaling attacks have masqueraded as complaints from the Better Business Bureau or the Justice Department. Executives are sensitive to issues that may affect the company’s profit, and these attacks often get their attention. This blog also covers phishing, spear phishing, and whaling.
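The two tricks described above, a link whose visible text names a trusted site while its href points somewhere else, and a host name made to look like the real one, are things you can check for mechanically. The script below is an added example written for this page; it is not code from the study guide or the original post. It uses only the Python standard library, the brand list and the sample email body are constructed for the example, and the registered-domain logic is deliberately crude (last two labels), so it is a triage aid, not a substitute for a proper public-suffix list.

```python
"""
Flag phishing indicators in the links of an HTML email body.

Two checks, matching the tricks described in the text:
  1. The link's visible text names one site (e.g. www.paypal.com) but the
     href points at a different registered domain.
  2. The href host imitates a protected brand, either as a look-alike
     spelling (paypa1.com) or as a subdomain (paypal.com.example.net).
"""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Brands the phisher is likely to imitate; assumed list for the example.
PROTECTED_BRANDS = ("paypal", "ebay")


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registered_domain(host):
    """Crude eTLD+1: the last two labels. Adequate for .com-style hosts."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def host_of(url_or_text):
    """Host part of a URL, or of bare text that looks like a URL."""
    candidate = url_or_text.strip()
    if "://" not in candidate:
        candidate = "http://" + candidate
    return (urlparse(candidate).hostname or "").lower()


def looks_like_brand(host):
    """Return the protected brand a host imitates, or None if it is clean."""
    reg = registered_domain(host)
    for brand in PROTECTED_BRANDS:
        if reg == brand + ".com":
            continue  # the genuine domain (any subdomain of it) is fine
        # Brand used as a subdomain of another domain, or with 1-for-l swapped.
        if brand in host or brand.replace("l", "1") in host:
            return brand
    return None


def find_suspicious_links(html_body):
    """Return a list of (href, reason) for links showing phishing signs."""
    collector = _LinkCollector()
    collector.feed(html_body)
    findings = []
    for href, text in collector.links:
        href_host = host_of(href)
        # Treat the anchor text as a URL only if it looks like one.
        text_host = host_of(text) if "." in text and " " not in text else ""
        if text_host and registered_domain(text_host) != registered_domain(href_host):
            findings.append((href, f"text says {text_host}, link goes to {href_host}"))
            continue
        brand = looks_like_brand(href_host)
        if brand:
            findings.append((href, f"host {href_host} imitates {brand}"))
    return findings


# Constructed sample message body; not a real phishing email.
SAMPLE_EMAIL = """
<p>Your account has been limited. Please verify at
<a href="http://198.51.100.7/login">https://www.paypal.com/signin</a>.</p>
<p>Or read our notice at <a href="http://paypa1.com/notice">this link</a>.</p>
<p>Footer: <a href="https://www.paypal.com/help">help center</a></p>
"""

if __name__ == "__main__":
    for href, reason in find_suspicious_links(SAMPLE_EMAIL):
        print(f"SUSPICIOUS {href}: {reason}")
```

Run against the sample body, the first two links are reported and the genuine paypal.com footer link is not. The same mismatch check is what a user does by hovering over a link before clicking it; the script just does it for every link at once.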

Vishing

Vishing attacks use the phone system to trick users into giving up personal and financial information, in the same way other phishing attacks trick users. They often use Voice over IP (VoIP) technology. When the attacker uses VoIP, the caller ID can be spoofed, making it appear as though the call came from a specific company.

In one form of a vishing attack, a person receives a phone message indicating they need to call about one of their credit cards, and the message provides a phone number. In another form, the person receives an e-mail with the same information.

If the person returns the call, an automated recording gives some vague excuse about a policy and then prompts the user to verify their identity. One by one, the recording prompts the user for information like name, birthday, Social Security number, credit card number, expiration date, and so on. Once the person provides the information, the recording indicates the account is verified. What really happened, though, is that the person just gave up some important data to a criminal.

Rogueware

Rogueware (or scareware) is a type of Trojan that masquerades as a free antivirus program. When a user visits a site, a message on the web page or a popup appears indicating it detected malicious software (malware) on the user’s system. The user is encouraged to download and install free antivirus software. Users that take the bait actually download and install malware.

After a user downloads it and starts a “system scan,” it reports that it has located malware and pops up an official-looking warning. In reality, it doesn't scan for malware and always reports bogus infections.

If users try to remove the threats, they are informed that this is only the trial version, and the trial version won’t remove any threats. However, for a small fee such as $79.95, users can unlock the full version to remove the threats. Many people pay. Panda Security reported that criminals took in an average of $34 million a month in recent years. This blog also covers rogueware.

Matching Attacks Practice Question Answer

The following table shows the attack methods, attack targets, and attack types in the correct order.
  • Whaling is a targeted phishing email sent to CEOs and other senior executives.
  • Vishing is a type of phishing attack using a phone.
  • Rogueware is bogus antivirus software downloaded by unsuspecting users from a website.
Attack Methods       Attack Targets    Attack Types
Email                CEO               Whaling
Internet Web Page    User              Rogueware
Phone Attacker       Receptionist      Vishing

Summary - Identify Social Engineering Attacks

Ensure you understand the basics of social engineering attacks when taking any security-based exam such as the Security+, SSCP, or CISSP exams. Whaling is a targeted phishing attack against CEOs and other senior executives. Vishing is a type of phishing attack that uses phones. Rogueware is bogus antivirus software that a user can download from a webpage on the Internet.

Monday, July 1, 2013

Microsoft TechNet Subscription Service Retiring


I was a little surprised when I opened an email from Microsoft announcing "Technet subscription service retiring."

The last day to purchase a TechNet Subscription through the TechNet Subscriptions website is August 31, 2013. Subscribers may activate purchased subscriptions through September 30, 2013.

Microsoft will continue to honor all existing TechNet Subscriptions. Subscribers with active accounts may continue to access program benefits until their current subscription period concludes.

Great for Learning

I've had a TechNet Subscription almost every year since about 1999 when I first became a Microsoft Certified Trainer (MCT). It has been an outstanding resource to obtain both new and established products. This has been absolutely essential as a trainer and author when I was writing about new products, and tremendously valuable when I was prepping for an established product that was new to me.

Need more specifics on which products are included with a TechNet Subscription? You can download the full list of products available by subscription level here.

For some of these years, Microsoft provided a TechNet subscription to all MCTs. For other years when they didn't provide it, I paid for it out of my pocket. I've certainly valued this and wonder if they plan on replacing it with anything such as an MSDN subscription. We'll see.

TechNet Subscription Alternatives

If you don't have a TechNet Subscription and don't want one, you can still use these resources:
  • TechNet Evaluation Center: Free evaluation software with no feature limits, available for 30-180 days. Includes rich evaluation resources and TechNet Virtual Labs, which enable you to evaluate software without the need to install bits locally.
  • Microsoft Virtual Academy: Free online learning site, with over 200 expert-led technical training courses across more than 15 Microsoft technologies with more added weekly.
  • TechNet Forums: Free online forums where IT professionals can ask technical questions and receive rapid responses from members of the community.

MSDN is the Real Replacement

MSDN Subscriptions provide a paid set of offerings that are available for those who require access to evaluation software beyond what the above free offerings provide.

For years, MCTs have asked for MSDN Subscriptions instead of the TechNet subscription so that they could access application software available within Visual Studio. It would be great if they replaced the TechNet Subscription with MSDN. I'd seriously consider returning to teaching some application courses. 

I actually backed off teaching some application courses simply because it cost so much to get Visual Studio. At $6119 for Visual Studio Premium with MSDN, it becomes a huge investment, especially when you compare it to the $349 for TechNet Professional.

Permanent?

If you want the TechNet Subscription, get it now. Microsoft might backpedal and change their mind later. They have quite a history of making U-turns. However, if they do change their mind, I doubt it'll be soon after August 31, 2013.

Saturday, June 29, 2013

Start a Conversation With Your Child

I Can Believe in Myself

A children's book by Miriam Laundry with pictures by Jenniffer Julich.
My good friend Miriam Laundry recently released this book and even though it's outside the scope of this blog, I loved it so much I wanted to share it with you. If you have any children and you want to start a conversation with them about their confidence and self-esteem, this is the perfect book. It is so easy for children to grow up with an inner voice constantly saying "I can't" and if that's the only message they hear, they might start to believe it.

Ideally, parents would be able to hear that inner voice as soon as it starts to attack their child's confidence and self-esteem. Sadly, only the child hears it.

However, parents can read this book to their children and help counter that inner voice with words to build their child's confidence and self-esteem.

Instead of a message of "I Can't", parents can help their children develop an attitude of "I Can."

Parents might even help their children grow up with a mindset of no limitations, realizing they can do anything.

Although I don't have any children to read to, I loved the messages in the I CAN Believe in Myself book so much, I bought a copy for my local library. You can too.

Monday, June 24, 2013

Identify Smurf Attacks in the Security+ Exam

Identify Smurf Attacks

Can you identify smurf attacks? The Security+ exam expects you to be able to analyze and differentiate different types of attacks, including a smurf attack, so you should understand how it works.

Performance Based Questions

Topics such as identifying attacks are ideally suited for the new performance based questions on the CompTIA Security+ exam. Instead of answering a multiple choice question, you might need to identify an attack shown in a diagram. If you're unfamiliar with the new performance based questions, check out these blogs too:

Identify Smurf Attacks - An Overview

A smurf attack spoofs the source address of a broadcast ping packet to flood a victim with ping replies. That's a complex sentence, so it's worthwhile breaking this down.
  • A ping is normally a unicast message
  • A smurf attack sends a ping as a broadcast instead of a unicast
  • The smurf attack spoofs the source IP address using the IP address of the victim
  • Other systems on the network flood the victim with pings

A Ping is Normally Unicast

A ping is normally a unicast message sent from one computer to one computer. It sends ICMP echo requests to one computer, and the receiving computer responds with ICMP echo responses.  Figure 1 shows how this works. Computer 1 is sending out a unicast ping to computer 3 and computer 3 responds with ICMP replies.
Figure 1: Ping uses unicast
If you receive the responses you know that the other computer is operational.

Note: Because ICMP is used in many types of attacks, many firewalls block ICMP echo requests. If you don't receive ping responses back it doesn't necessarily mean the other computer is not operational. It could be because the ping is being blocked by a firewall.

On Windows systems, ping sends out four ICMP requests and gets back four replies. On  some other operating systems, ping continues until stopped. You can add the -t switch to ping on Windows systems causing ping requests to continue until stopped.
Pass the Security+ exam the first time you take it:
CompTIA Security+: Get Certified Get Ahead: SY0-301 Study Guide

A Smurf Attack Sends the Ping Out as a Broadcast

Instead of using a unicast message, a smurf attack sends out the ping request as a broadcast. In a broadcast, one computer sends the packet to all other computers in the subnet. These computers then reply to the single computer that sent the broadcast ping, as shown in Figure 2. Computer 1 is sending out a broadcast ping to all the computers on the subnet and each one of them is now responding, flooding the computer with ping replies.
Figure 2: Ping using broadcast instead of unicast
If computer 1 is the attacker, the results of Figure 2 aren't very beneficial.  If something isn't changed, the attacker gets attacked.

The Smurf Attack Spoofs the Source IP

If the source IP address isn’t changed, the computer sending out the broadcast ping will get flooded with the ICMP replies. Instead, the smurf attack substitutes the source IP with the IP address of the victim, and the victim gets flooded with these ICMP replies. 

Figure 3 shows how computer 1 can send out the smurf attack using computer 2's IP address as the source IP address. All the computers on the subnet then flood computer 2 with ICMP replies.
Figure 3: Broadcast ping spoofing the source IP address

Smurf Attacks Use Amplifying Networks

A smurf amplifier is a network whose hosts are used, without the owner's knowledge, to multiply the replies in a smurf attack. A network can easily be prevented from acting as an amplifier by blocking the IP directed broadcasts that smurf attacks rely on. However, if a router or a firewall isn't configured to block them, the network can become part of the attack.

Figure 4 shows how this works. The attacker (computer 1) sends a broadcast ping into the amplifying network with a spoofed source IP address of computer 6. Each computer in the amplifying network receives the broadcast and then responds by flooding the victim (computer 6) with ping replies.
Figure 4: Smurf attack using amplifying network
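The two traffic patterns described in Figures 2 through 4 are easy to recognize from the defender's side: an ICMP echo request addressed to a subnet's directed-broadcast address, and a host receiving a burst of echo replies from many different sources. The following is an added example written for this post; it is not code from the blog or its author. The packet records are constructed rather than captured, and the names PacketRecord, is_directed_broadcast, find_smurf_indicators and KNOWN_SUBNETS are this example's own.

```python
"""Spot the two traffic patterns a smurf attack produces.

Added example for the post above, not code from the blog or its author.
The packet records are constructed, not captured, and the names
PacketRecord, is_directed_broadcast and find_smurf_indicators are this
example's own.
"""
from collections import Counter, defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ICMP_ECHO_REPLY = 0      # ICMP type 0
ICMP_ECHO_REQUEST = 8    # ICMP type 8

# Subnets the monitored router knows about (constructed values).
KNOWN_SUBNETS = ["10.0.1.0/24", "10.0.2.0/24"]


@dataclass(frozen=True)
class PacketRecord:
    """Minimal view of one ICMP packet: source IP, destination IP, ICMP type."""
    src: str
    dst: str
    icmp_type: int


def is_directed_broadcast(dst: str, subnets) -> bool:
    """True when dst is the broadcast address of one of the known subnets.

    An echo request sent to such an address is the broadcast ping that
    turns the whole subnet into a smurf amplifier.
    """
    addr = ip_address(dst)
    return any(addr == ip_network(net).broadcast_address for net in subnets)


def find_smurf_indicators(packets, subnets, reply_threshold=20, min_sources=5):
    """Return (broadcast_requests, flooded_hosts).

    broadcast_requests: echo requests addressed to a directed-broadcast
        address. Their source IP is the spoofed address, i.e. the victim,
        not the attacker, so it identifies who is being flooded.
    flooded_hosts: {victim_ip: (reply_count, distinct_sources)} for hosts
        receiving at least reply_threshold echo replies from at least
        min_sources different hosts, which is what the victim sees.
    """
    broadcast_requests = [
        p for p in packets
        if p.icmp_type == ICMP_ECHO_REQUEST and is_directed_broadcast(p.dst, subnets)
    ]

    reply_sources = defaultdict(set)
    reply_counts = Counter()
    for p in packets:
        if p.icmp_type == ICMP_ECHO_REPLY:
            reply_sources[p.dst].add(p.src)
            reply_counts[p.dst] += 1

    flooded_hosts = {
        dst: (reply_counts[dst], len(srcs))
        for dst, srcs in reply_sources.items()
        if reply_counts[dst] >= reply_threshold and len(srcs) >= min_sources
    }
    return broadcast_requests, flooded_hosts


def build_sample_packets():
    """Constructed traffic: one normal ping followed by one smurf attack.

    Computer 1 (10.0.1.1) pings computer 3 (10.0.1.3) normally. Then a
    single echo request arrives at the 10.0.2.0/24 broadcast address with
    the victim's address (10.0.1.6) as its source, and every host in that
    subnet replies to the victim.
    """
    packets = []
    for _ in range(4):  # Windows-style ping: four requests, four replies
        packets.append(PacketRecord("10.0.1.1", "10.0.1.3", ICMP_ECHO_REQUEST))
        packets.append(PacketRecord("10.0.1.3", "10.0.1.1", ICMP_ECHO_REPLY))

    # The spoofed source is the victim; the attacker's real address is not in the packet.
    packets.append(PacketRecord("10.0.1.6", "10.0.2.255", ICMP_ECHO_REQUEST))
    for host in range(1, 31):  # 30 amplifier hosts all answer the victim
        packets.append(PacketRecord(f"10.0.2.{host}", "10.0.1.6", ICMP_ECHO_REPLY))
    return packets


SAMPLE_PACKETS = build_sample_packets()

if __name__ == "__main__":
    requests, flooded = find_smurf_indicators(SAMPLE_PACKETS, KNOWN_SUBNETS)
    for p in requests:
        print(f"broadcast echo request to {p.dst}; spoofed source (victim) {p.src}")
    for victim, (count, sources) in flooded.items():
        print(f"{victim} received {count} echo replies from {sources} hosts")
```

Run on the constructed sample, the checker reports one echo request to 10.0.2.255 whose source is the victim 10.0.1.6, and reports 10.0.1.6 as flooded by 30 replies from 30 distinct hosts; the ordinary four-packet ping between 10.0.1.1 and 10.0.1.3 is not flagged. The fix the post describes is applied at the router rather than in a detector: dropping IP directed broadcasts on the amplifier's router (on Cisco IOS the interface command is no ip directed-broadcast) means the broadcast ping never reaches the hosts, so there are no replies to flood anyone.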

Not Blue Packets

The rumor that a smurf attack is one where attackers send out little blue packets that report back to Papa Smurf is simply not true.

Summary

Ensure you understand the basics of a smurf attack when taking any security-based exam such as the Security+, SSCP, or CISSP exams. A smurf attack spoofs the source address of a broadcast ping packet to flood a victim with ping replies. Smurf attacks are known to use amplifying networks, but administrators commonly block the directed broadcasts they rely on with rules on a router or firewall.

Saturday, June 22, 2013

Security+ Match Device Controls

The Security+ exam expects you to understand controls and you should be able to match device controls with specific devices. For example, can you match device controls used with mobile devices? Can you match device controls used on servers?

Performance Based Questions

Topics such as security controls for devices are ideally suited for the new performance based questions on the CompTIA Security+ exam. Instead of answering a multiple choice question, you might need to drag and drop different controls to the devices that they protect. If you're unfamiliar with the new performance based questions, you might like to check out these blogs too:

Match Device Controls Practice Question

The following list of controls includes some that are used with mobile devices exclusively. It also includes some controls that are used with servers but not mobile devices. Do you know which ones are which?

Security+ Match Device Controls

Some of these are used only on mobile devices, some are only used on servers, and some can be used on both.
Which security controls are for mobile devices?
Which security controls are for servers?

Match Device Controls for Mobile Devices

Here are the common security controls used for mobile devices:
  • Screen lock. Uses a passcode or password to lock the device. This prevents a thief from using a stolen device.
  • Strong password. Any time a password is used to protect a mobile device (or any device or system), it should be strong. This means the password is at least eight characters long and includes multiple character types, such as upper case, lower case, numbers, and symbols. Two other blogs that cover password topics for the Security+ exam are Understanding Password History, and Three Factors of Authentication and Multifactor Authentication.
  • Data encryption. Encryption protects the confidentiality of data, and smartphone security includes device encryption to protect stored data against loss of confidentiality. It's possible to selectively encrypt some data on a system, an entire drive, or an entire device.
  • Remote wipe/sanitation. Remote wipe capabilities are useful if the phone is lost. The owner can send a remote wipe signal to the phone to delete all the data on the phone. This also deletes any cached data, such as cached online banking passwords, and provides a complete sanitization of the device, ensuring that all valuable data is removed.
  • Voice encryption. It’s possible to use voice encryption with some phones to help prevent the interception of conversations.
  • Global positioning system (GPS) tracking. A GPS pinpoints the location of the phone. Many phones include GPS applications that you can run on another computer. If you lose your phone, GPS can help you find it. Who knows? You may find that it just fell through the cushions in your couch. This is useful to know before you send a remote wipe signal.
  • Cable locks. The number of laptops stolen during lunches at conferences is astronomical. Many people don’t seem to know how common thefts are and often leave their laptops unprotected. Cable locks can secure a mobile computer. They often look about the same as a cable lock used to secure bicycles.
  • Locked cabinet or safe. Small devices can be secured within a locked cabinet or safe. When they aren’t in use, a locked cabinet helps prevent their theft.
If you were to match the controls to the mobile devices, it might look like this. The idea is that you drag and drop individual controls from the area on the right to the area under Mobile Devices.
Security+ Match Device Controls to Mobile Devices

Match Device Controls for Servers

If you were to match the controls to servers, it might look like this:
Security+ Match Device Controls to Servers
Some of these items are the same as the mobile devices, and some of the items are unique for servers:
  • Strong password. Any time a password is used to protect a server (or any device or system), it should be strong. This means the password is at least eight characters long and includes multiple character types, such as upper case, lower case, numbers, and symbols. Two other blogs that cover password topics for the Security+ exam are Understanding Password History, and Three Factors of Authentication and Multifactor Authentication.
  • Least privilege. Least privilege is a technical control. It specifies that individuals or processes are granted only those rights and permissions needed to perform their assigned tasks or functions. Rights and permissions are commonly assigned on servers, but rarely on mobile devices such as tablets and smartphones.
  • Data encryption. Encryption protects the confidentiality of data on servers just as it can protect the confidentiality of data on mobile devices.  It's possible to selectively encrypt individual files or entire disk volumes.
  • Mantrap, cipher lock, and proximity lock. These are examples of physical security controls, and they can be used to restrict access to a server room.
  • Firewall. Software-based firewalls are commonly used on servers but are extremely rare on mobile devices.
  • TPM and HSM. Trusted Platform Modules (TPMs) and hardware security modules (HSMs) are hardware encryption devices. You can read more about them in the TPM and HSM Hardware Encryption Devices blog.
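The strong-password rule stated in both the mobile device list and the server list above (at least eight characters, multiple character types) is the kind of control that is enforced in code rather than by reading a policy. The following is an added example, not code from the blog or its author: it checks a candidate password against that rule and reports every way it falls short. The function names and the choice to require three of the four character types are this example's own assumptions; the post only says "multiple character types".

```python
"""Check a password against the strong-password rule given in the post.

Added example, not code from the blog or its author. The rule applied is
the post's (at least eight characters, several character types); the
names character_types/check_password and the default of three of the
four character types are this example's own assumptions.
"""
from typing import List, Set

ALL_TYPES = {"upper", "lower", "digit", "symbol"}


def character_types(password: str) -> Set[str]:
    """Return the set of character types present in the password."""
    found = set()
    for ch in password:
        if ch.isupper():
            found.add("upper")
        elif ch.islower():
            found.add("lower")
        elif ch.isdigit():
            found.add("digit")
        else:
            # Anything that is not a letter or digit (punctuation, space) counts as a symbol.
            found.add("symbol")
    return found


def check_password(password: str, min_length: int = 8, min_types: int = 3) -> List[str]:
    """Return the list of policy violations; an empty list means the password passes.

    Every violation is reported, not just the first, so a user sees all
    the changes needed at once.
    """
    problems = []
    if len(password) < min_length:
        problems.append(f"too short: {len(password)} characters, minimum is {min_length}")

    found = character_types(password)
    if len(found) < min_types:
        missing = ", ".join(sorted(ALL_TYPES - found))
        problems.append(
            f"only {len(found)} character type(s) used, minimum is {min_types}; missing: {missing}"
        )
    return problems


if __name__ == "__main__":
    # Constructed sample passwords, not real credentials.
    for candidate in ["Tr0ub4dor!", "password", "Ab1!", "correcthorse"]:
        result = check_password(candidate)
        status = "OK" if not result else "; ".join(result)
        print(f"{candidate!r}: {status}")
```

Run as a script it prints "OK" only for the first constructed sample; "password" is long enough but uses a single character type, "Ab1!" uses all four types but is too short, and "correcthorse" fails on character types alone. The thresholds are parameters so the same function can enforce a stricter server policy than a mobile passcode policy without changing the code.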

Other Security+ Resources

Security+ Match Device Controls Summary

You can expect to see some performance based questions on the Security+ exam and you might even see one requiring you to match device controls to specific devices. While these are different from a typical multiple choice question, you can still answer them correctly as long as you know the content. The information from this blog was derived from the CompTIA Security+: Get Certified Get Ahead: SY0-301 Study Guide, and it covers all of the security controls in the Security+ exam.