Tuesday, April 30, 2013

Security+ WAP Performance Based Questions

If you’re planning on taking the Security+ exam you can expect to see some Security+ WAP performance based questions. These questions expect you to know how to configure a wireless access point (WAP). Even if you've done it once or twice, it might not be fresh in your mind so it's good to review the topics. 

Networks commonly use wireless access points (WAPs) and configuring security with them is an important skill to have. CompTIA stresses this on both the Network+ and Security+ exams. You should be able to configure basics such as:
  • Change the SSID
  • Enable/disable SSID broadcast
  • Enable MAC address filtering
  • Configure security such as WPA and WPA2
  • Configure WPA/WPA2 Enterprise
Ideally, you should get your hands on a WAP or a wireless router like those used in many homes and small offices and home offices (SOHOs). They are easy to find and inexpensive, and the experience of configuring one is valuable both on the job and for the exam. The following sections show how to configure a Cisco M20 wireless router. Devices aren't all exactly the same, but you'll find similar settings if you click around.

Accessing the Administration Page

Wireless access points have web pages you can use to configure settings. You can access the administration pages by entering the IP address of the access point into the web browser. The IP address of most access points is either 192.168.1.1 or 192.168.0.1.

After entering the IP address, you're prompted to enter the name and password for the administrator account. These also have defaults such as "admin" for the administrator account and "admin" for the password but it is highly recommended to change the defaults.

Change the SSID

The service set identifier (SSID) is the name of the network. It is a case sensitive string of up to 32 characters. Devices come with a default SSID and it's recommended to change the SSID from the default as a best practice.

The following figure shows the basic setting for SSID. On this WAP, you have to select the Wireless main menu and the Basic Wireless Settings submenu. You then enter the desired network name in the Network Name (SSID) text box. In the figure, I used the SSID of MyHomeWAP but any name with up to 32 characters can be used.

[Figure: Configure SSID]

Enable/Disable SSID Broadcast

You can hide a wireless network from casual users by disabling SSID broadcast, and a performance based question might require you to select one of these settings. The following figure shows how this is done on a sample access point.

[Figure: Disable SSID]

It's important to realize that even if you disable SSID broadcast, attackers can still discover the SSID with a wireless sniffer. In other words, disabling SSID broadcast doesn't provide any real security. You can read more about it in the Disable SSID Broadcast or Not? blog.

Enable MAC Address Filtering

Another configuration you might need to implement for Security+ WAP performance based questions is media access control (MAC) address filtering. The MAC address is assigned to the network interface card (NIC) when it is manufactured and you can use it to identify specific devices. When used within a MAC address filter, you can restrict access to the wireless network to specific devices based on their MAC address.

As an example, the following figure shows a MAC address filter configured on a wireless access point.  You can see that it is enabled and configured to "Permit PCs listed below to access the wireless network." The wireless client list includes five MAC addresses. Devices with these MAC addresses will be allowed access to the network, but other devices will be blocked.

[Figure: MAC Filter]

This setting isn't restricted to only PCs. Any wireless device has a MAC address including tablet devices and smartphones.

You can also configure a MAC address filter to block specific devices. For example, if your neighbor is using your access point to access the Internet, you can block his system using his MAC address. You would select the first setting "Prevent PCs listed below from accessing the wireless network" and enter the MAC address of his system.

Configure Security Such as WPA and WPA2

You also need to know how to configure basic security settings such as Wi-Fi Protected Access (WPA) or Wi-Fi Protected Access version 2 (WPA2). You can typically select the appropriate setting from a drop down box and then enter the appropriate passphrase. The settings entered on the access point must be used on all devices that connect to the access point.

The following figure shows these settings.

[Figure: WPA2]

Configure WPA/WPA2 Enterprise

Both WPA and WPA2 operate in either Personal or Enterprise modes. Most home and small business networks use Personal mode using a passphrase or password.

Larger enterprises add additional security to WAPs with WPA Enterprise or WPA2 Enterprise.  Enterprise mode provides additional security by adding an authentication server and requiring each user to authenticate through this server. Authentication requires all users to prove their identities and a common way authentication is accomplished is with a username and password. A user claims an identity with a username and proves the identity with a password.

Enterprise mode requires an 802.1x server typically configured as a Remote Authentication Dial-In User Service (RADIUS) server, which is configured separately from the access point. The RADIUS server has access to the user’s authentication credentials and can verify when a user has entered authentication information correctly.

The following figure shows the configuration for an access point using WPA2 Enterprise. After selecting WPA2 Enterprise from the drop down box, the selections change. You then need to enter the IP address of the RADIUS server and the shared secret configured on the RADIUS server. The default port for RADIUS is 1812 and you only need to change this if the RADIUS server is using a non-default port.

[Figure: RADIUS]
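The settings walked through in the sections above (administrator defaults, SSID, MAC address filter, WPA/WPA2 Personal and Enterprise), checked in code. This is an added example, not part of the original post or of any vendor's firmware: the dictionary keys, the `factory_ssid` argument and the sample values are assumptions (MyHomeWAP, admin/admin and port 1812 come from the post), and the 8 to 63 character passphrase limit comes from the WPA specification rather than from the post.

```python
import ipaddress
import re

WPA_MODES = {"WPA Personal", "WPA2 Personal", "WPA Enterprise", "WPA2 Enterprise"}


def normalize_mac(mac):
    """Return a MAC address as aa:bb:cc:dd:ee:ff; accepts ':', '-' or '.' separators."""
    digits = re.sub(r"[:.\-]", "", mac.strip().lower())
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def mac_allowed(client_mac, mode, listed):
    """Decide whether a client may join, following the two filter options in the post."""
    client = normalize_mac(client_mac)
    entries = {normalize_mac(m) for m in listed}
    if mode == "permit":    # "Permit PCs listed below to access the wireless network"
        return client in entries
    if mode == "prevent":   # "Prevent PCs listed below from accessing the wireless network"
        return client not in entries
    return True             # filter disabled: the MAC address is not checked


def audit_wap(cfg, factory_ssid):
    """Return a list of findings for one access point configuration (empty = none)."""
    findings = []
    if (cfg.get("admin_user"), cfg.get("admin_password")) == ("admin", "admin"):
        findings.append("default administrator credentials still set")

    ssid = cfg.get("ssid", "")
    # The SSID field holds at most 32 bytes, so measure the encoded length.
    if not 1 <= len(ssid.encode("utf-8")) <= 32:
        findings.append("SSID must be 1 to 32 bytes long")
    if ssid == factory_ssid:  # SSIDs are case sensitive, so compare exactly
        findings.append("SSID is still the factory default")

    mode = cfg.get("security_mode")
    if mode not in WPA_MODES:
        findings.append(f"security mode {mode!r} is not WPA or WPA2")
    elif mode.endswith("Personal"):
        phrase = cfg.get("passphrase", "")
        if not (8 <= len(phrase) <= 63 and phrase.isascii() and phrase.isprintable()):
            findings.append("passphrase must be 8 to 63 printable ASCII characters")
    else:  # Enterprise: the access point needs to reach the RADIUS server
        try:
            ipaddress.ip_address(cfg.get("radius_ip", ""))
        except ValueError:
            findings.append("RADIUS server IP address is missing or invalid")
        port = cfg.get("radius_port", 1812)  # 1812 is the default RADIUS port
        if not (isinstance(port, int) and 1 <= port <= 65535):
            findings.append("RADIUS port is out of range")
        if not cfg.get("radius_secret"):
            findings.append("RADIUS shared secret is empty")

    for entry in cfg.get("mac_filter_list", []):
        try:
            normalize_mac(entry)
        except ValueError:
            findings.append(f"MAC filter entry {entry!r} is not a MAC address")
    return findings


# Constructed sample configurations (not taken from a real device).
FACTORY = {"admin_user": "admin", "admin_password": "admin",
           "ssid": "FactorySSID", "security_mode": "Disabled"}
HOME = {"admin_user": "admin", "admin_password": "constructed-sample-pw",
        "ssid": "MyHomeWAP", "security_mode": "WPA2 Personal",
        "passphrase": "constructed sample passphrase",
        "mac_filter_mode": "permit",
        "mac_filter_list": ["00-11-22-33-44-55", "0011.2233.4466"]}
ENTERPRISE = {"admin_user": "admin", "admin_password": "constructed-sample-pw",
              "ssid": "MyHomeWAP", "security_mode": "WPA2 Enterprise",
              "radius_ip": "192.168.1.50", "radius_port": 1812,
              "radius_secret": ""}

if __name__ == "__main__":
    for name, cfg in (("factory", FACTORY), ("home", HOME), ("enterprise", ENTERPRISE)):
        print(name, audit_wap(cfg, "FactorySSID"))
```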

Security+ WAP Performance Based Questions Summary

You can expect to see some Security+ WAP performance based questions on the Security+ exam. These questions expect you to know how to configure a wireless access point (WAP) including the SSID, MAC address filtering, and security settings such as WPA2 Personal or WPA2 Enterprise.

Monday, April 29, 2013

Security+ Controls

If you’re planning on taking the Security+ exam you can expect to see some Security+ Controls questions. Objectives for the Security+ exam specifically identify the following three control types:
  • Technical
  • Management
  • Operational
Controls are also identified based on their function. The three primary functions of controls are:
  • Preventative
  • Detective
  • Corrective
Material from this blog comes from the top selling CompTIA Security+: Get Certified Get Ahead: SY0-301 Study Guide. Pass the Security+ exam the first time you take it.
If you pursue other security certifications, such as the SSCP or CISSP, you'll need to dig into controls a little deeper. However, the Security+ exam doesn't go too deep with these topics. As an example, check out these practice test questions.

Security+ Controls Practice Test Questions

Of the following choices, what type of control is least privilege?
A. Corrective
B. Technical
C. Detective
D. Preventative

Which of the following is a preventative control that can prevent outages due to ad-hoc configuration errors?
A. Security audit
B. Least privilege
C. Change management plan
D. A periodic review of user rights
Answers at the end of this blog

Security+ Control Objectives

Controls are mentioned in the following Security+ objectives:
2.1 Explain risk related concepts
  • Control types
    • Technical
    • Management
    • Operational
2.2 Carry out appropriate risk mitigation strategies
  • Implement security controls based on risk
3.6 Analyze and differentiate among types of mitigation and deterrent techniques
  • Detection controls vs. prevention controls
    • IDS vs. IPS
    • Camera vs. guard

Technical Controls

A technical control is one that uses technology to reduce vulnerabilities. An administrator installs and configures a technical control, and the control then provides the protection automatically. The following list provides a few examples of technical controls:
  • Least Privilege. The principle of least privilege is an example of a technical control. It specifies that individuals or processes are granted only the rights and permissions needed to perform their assigned tasks or functions, but no more.
  • Antivirus software. Once installed, the antivirus software provides protection against infection.
  • Intrusion detection systems (IDSs). An IDS can monitor a network or host for intrusions and provide ongoing protection against various threats.
  • Firewalls. Firewalls restrict network traffic going in and out of a network.

Management Controls

Management controls are primarily administrative in function. They use planning and assessment methods to provide an ongoing review of the organization’s ability to reduce and manage risk. Some management controls are:
  • Risk assessments. These help quantify and qualify risks within an organization so that they can focus on the serious risks. For example, a quantitative risk assessment uses cost and asset values to quantify risks based on monetary values. A qualitative risk assessment uses judgments to categorize risks based on probability and impact.
  • Vulnerability assessments. A vulnerability assessment attempts to discover current vulnerabilities. When necessary, additional controls are implemented to reduce the risk from these vulnerabilities.

Operational Controls

Operational controls help ensure that day-to-day operations of an organization comply with their overall security plan. Operational controls include the following families:
  • Awareness and training. The importance of training to reduce risks cannot be overstated. Training helps users maintain password security, follow a clean desk policy, understand threats such as phishing and malware, and much more.
  • Configuration management. Configuration management often uses baselines to ensure that systems start in a secure, hardened state. Change management helps ensure that changes don’t result in unintended configuration errors.
  • Contingency planning. Chapter 9 presents several different methods that help an organization plan and prepare for potential system outages. The goal is to reduce the overall impact on the organization if an outage occurs.
  • Media protection. Media includes physical media such as USB flash drives, external and internal drives, and backup tapes.
  • Physical and environmental protection. This includes physical controls such as cameras, door locks, and environmental controls such as heating and ventilation systems.

Controls Based on Functions

Many controls are identified based on their function as opposed to the type of control. The three primary functions of controls are preventative, detective, and corrective.

Preventative Controls

Preventative controls attempt to prevent an incident from occurring. The goal is to take steps to prevent the risk. Some examples include:
  • Security guards. Guards act as a deterrent and provide a preventative security control. For example, an attacker may attempt social engineering to fool a receptionist, but is less likely to attempt these techniques, or succeed, when guards protect an access control point.
  • Change management. Change management (introduced as an operational control) ensures that changes don’t result in ad-hoc (or as-needed) configuration errors. In other words, instead of administrators making changes on the fly, they submit the change to a change management process.
  • Account disablement policy. Most organizations ensure that user accounts are disabled when an employee is terminated. This ensures that these accounts are not used by the ex-employee or by anyone else.
  • System hardening. Various methods ensure that a system is more secure from its default configuration. This includes removing and disabling unneeded services and protocols, keeping the system up to date, and enabling firewalls.

Detective Controls

Detective controls are designed to detect when a vulnerability has been exploited. A detective control can’t predict when an incident will occur, and it can’t prevent it. However, it can discover the event after it’s occurred. Some examples of detective controls are:
  • Security audit. Security audits can examine the security posture of an organization. For example, a password audit can determine if the password policy is ensuring the use of strong passwords. Similarly, a periodic review of user rights can detect if users have more permissions than they should.
  • Video surveillance. A closed circuit television (CCTV) system can record activity and detect what occurred. It’s worth noting that video surveillance can also be used as a preventative control since it can act as a deterrent.

Corrective Controls

Corrective controls attempt to reverse the impact of an incident or problem after it has occurred. Some examples of corrective controls are:
  • Active IDS. Active intrusion detection systems (IDSs) attempt to detect attacks and then modify the environment to block the attack from continuing.
  • Backups and system recovery. When data is lost, a backup ensures that the data can be recovered. Similarly, when a system fails, system recovery procedures ensure it can be recovered. Chapter 9 covers backups and disaster recovery plans in more depth.

Security+ Controls Practice Test Question Answer

Of the following choices, what type of control is least privilege?
A. Corrective
B. Technical
C. Detective
D. Preventative

B is correct. The principle of least privilege is a technical control and ensures that users have only the rights and permissions needed to perform the job, and no more. A corrective control attempts to reverse the effects of a problem. A detective control (such as a security audit) detects when a vulnerability has been exploited. A preventative control attempts to prevent an incident from occurring.

Which of the following is a preventative control that can prevent outages due to ad-hoc configuration errors?

A. Security audit
B. Least privilege
C. Change management plan
D. A periodic review of user rights

D is correct. A vulnerability assessment is a management control and attempts to discover weaknesses in systems. A corrective control attempts to reverse the effects of a problem. A detective control (such as a security audit) detects when a vulnerability has been exploited. A technical control (such as the principle of least privilege) enforces security using technical means.

Security+ Controls Summary

When preparing for the Security+ exam, ensure you're aware of the Security+ Controls mentioned in the objectives. This includes: Technical Controls, Management Controls, and Operational Controls. You should also be aware of the three primary functions of controls: Preventative, Detective, and Corrective.

Sunday, April 28, 2013

IT Certification Path for Network Administrators


Aspiring IT professionals frequently ask me questions like “How can I get into an IT job?” and “What is the best IT certification path for network administrators?” Unfortunately, there isn't a one-size-fits-all answer because there are so many variables, such as how much knowledge you start with and what type of jobs are available where you live.

However, if you are focused on landing an IT job and you’re willing to take the time to master the materials, you can earn several certifications that will make you highly desirable as a network administrator, one of the industry’s most essential and opportunity-rich positions. Learn the material, earn the certifications, and you’ll have an opportunity to shine at network administration job interviews.
First, what is a network administrator? Most people define a network administrator as someone that maintains hardware and software on a computer network. In a large organization, the network administrator is a mid-level IT worker focused primarily on maintaining networking components. However, in smaller organizations, the network administrator is also responsible for desktop support for end-users, maintaining servers, and managing any other devices connected to the network.

In this article, I've divided the IT certification path for network administrators  into three categories:
  • Foundation certifications: These CompTIA certifications are vendor-neutral and provide a solid knowledge base for any path to becoming a network administrator.
  • Cisco certifications: These credentials are valuable for administrators that manage Cisco’s widely-used network devices, such as routers and switches.
  • Microsoft certifications: These certificates are key for administrators that provide network administration services at both the desktop and server level.
People commonly want to know how long it’ll take to complete these certifications so I've given some common study time estimates. These guidelines assume you have a job but you’re still able to study regularly to master the concepts. Someone that is unemployed and spending 12 hours a day studying can complete these certifications much quicker. In contrast, someone with a full time job that regularly requires overtime might need more time.


Monday, April 15, 2013

CompTIA Network+ Wireless Topics


The CompTIA Network+ Wireless Topics (A Get Certified Get Ahead Kindle Short) is now available. This Kindle short includes a chapter on Network+ Wireless topics and 55 realistic questions with full explanations. Only $2.99.

In case you don't know it, you can read Kindle books on just about any device with freely available Kindle apps.

Part of Upcoming CompTIA Network+: Get Certified Get Ahead Study Guide

Many of you might know that I’m in the process of writing a Network+ book using the same format as the top selling CompTIA Security+: Get Certified Get Ahead Study Guide.

However, instead of waiting until the entire book is complete, I’ve decided to post some chapters on Amazon in the Kindle format. I’m calling these “Kindle Shorts” because they aren’t full books but they do have a lot of relevant content.

The first “Kindle Short” is on wireless topics and covers all of the CompTIA Network+ Wireless objectives:
  • 2.2 Given a scenario, install and configure a wireless network.
  • 2.4 Given a scenario, troubleshoot common wireless problems.
  • 3.3 Compare and contrast different wireless standards.
  • 5.1 Given a scenario, implement appropriate wireless security measures.
  • 5.4 Explain common threats, vulnerabilities, and mitigation techniques.
If you want another perspective on the wireless objectives to ensure you have mastered these topics, check out this book.

Part of Kindle Owners' Lending Library

This Kindle short is available for free to Kindle device owners that have an Amazon Prime Membership as a part of the Kindle Owner's Lending Library.


Thursday, April 11, 2013

Network+ and Wireless Standards


If you're preparing for the Network+ exam, you probably know that a good portion includes wireless topics including wireless standards. If you can master some basic facts on wireless standards, you'll be able to ace many Network+ questions without any trouble at all.  Another post covered Network+ and Wireless Encryption topics.

Several objectives address wireless standards directly:
  • 2.2 Given a scenario, install and configure a wireless network. (This objective includes "Frequencies", "Wireless standards", and "Compatibility (802.11 a/b/g/n)")
  • 2.4 Given a scenario, troubleshoot common wireless problems. (This objective includes "Configurations", and "Incompatibilities")
  • 3.3 Compare and contrast different wireless standards. (This objective includes "802.11 a/b/g/n standards")

Network+ Practice Test Questions

Here are a couple of practice test questions you can use to check your knowledge of the Network+ wireless standards.

Q1. You are tasked with configuring a wireless network that can support legacy devices and operate on both 2.4 GHz and 5 GHz. What would you use?
A. 802.11a
B. 802.11b
C. 802.11g
D. 802.11n

Q2. Which of the following wireless standards operates at 5 GHz and has a maximum speed of 54 Mbps?
A. 802.11a
B. 802.11b
C. 802.11g
D. 802.11n

Q3. Which of the following wireless standards supports multiple transceivers within a single WAP?
A. 802.11a
B. 802.11b
C. 802.11g
D. 802.11n

802.11a

The 802.11a standard is one of the early wireless standards and it was released in 1999. It uses orthogonal frequency-division multiplexing (OFDM) in the 5 GHz frequency range. One of the reasons 5 GHz was selected is to avoid the interference in the noisier 2.4 GHz frequency range. The original specification had 12 non-overlapping channels that could be used compared with the three non-overlapping channels supported in 802.11b and 802.11g. It also uses dynamic frequency selection (DFS), allowing the device to automatically switch channels when it detects interference. Radar technologies use portions of the 5 GHz range so DFS is useful to avoid interference from radar sources.

Unfortunately, 802.11a signals are much more susceptible to interference from physical objects such as walls and have the lowest transmission distance of the four standards. The maximum range of 802.11a is often quoted as 30 meters (about 98 feet) but this can be affected by the signal strength of the wireless access point (WAP) and interference sources.

It’s rare to see new 802.11a wireless devices today. However, you might run across some legacy devices using 802.11a.

802.11b

The 802.11b standard came out at about the same time as 802.11a. It operates in the 2.4 GHz frequency range, has a maximum speed of 11 Mbps, and a mildly longer range than 802.11a. Compared with 802.11a, 802.11g, and 802.11n, it is the only standard that uses Direct-sequence spread spectrum (DSSS). 802.11b uses 22 MHz wide channels with some regions allowing as many as 13 channels. Commonly used non-overlapping channels are 1, 6, and 11. While 802.11b was more popular than 802.11a, it is rarely used today.

802.11g

The 802.11g standard was released in 2003 and up until the release of 802.11n has been the most popular. It supports speeds up to 54 Mbps, operates in the 2.4 GHz range and has a slightly longer range than 802.11b. It uses 20 MHz wide channels and channels 1, 6, and 11 are commonly used as non-overlapping channels. As with 802.11a and 802.11n, 802.11g uses OFDM.

One significant difference with 802.11g over 802.11a and 802.11b is that it supports channel bonding. This was also known as Super G and wasn’t supported by all wireless devices. When supported, Super G increased the maximum throughput from 54 Mbps to 108 Mbps.

802.11n and MIMO

The newest standard is 802.11n and it is proving to be far superior to the three previous 802.11 standards. It is the fastest and supports speeds up to 600 Mbps and can operate in both the 2.4 GHz and 5 GHz frequency spectrums. It also has the longest range with distances up to 70 meters. As with 802.11a and 802.11g, it uses OFDM.

A significant difference with 802.11n is the use of a smart antenna technology called multiple input multiple output (MIMO) to achieve faster speeds. MIMO includes multiple antennas and transceivers to simultaneously transmit and receive data over multiple streams. MIMO can include as many as four streams of communication with each stream supporting up to 150 Mbps. When four streams are used, it supports connections up to 600 Mbps.

The multiple antennas used with MIMO provide diversity gain which improves the overall link reliability. These streams are sent separately in a process called spatial multiplexing.

Another difference with 802.11n is that it supports 20 MHz channels just like 802.11g and it also supports 40 MHz channels for greater throughput. When 40 MHz channels are used it is often referred to as channel bonding.

Many wireless networks have a combination of both 802.11g and 802.11n devices. An 802.11n WAP can support both standards. Also, they can be configured to use only 2.4 GHz or a combination of 2.4 GHz and 5 GHz.

If you create a network using all 802.11n devices and they all support 5 GHz, you can configure the WAP to use only 5 GHz. Because this frequency band has less interference you can often get much better throughput. However, before switching over, it’s important to verify that all the devices support 5 GHz because it isn’t required. Many vendors create 802.11n wireless devices using only 2.4 GHz to make the devices more affordable.

Answer to Practice Test Question 1

Q1. You are tasked with configuring a wireless network that can support legacy devices and operate on both 2.4 GHz and 5 GHz. What would you use?
A. 802.11a
B. 802.11b
C. 802.11g
D. 802.11n

Answer 1. D is correct. Only an 802.11n network will operate on both 2.4 GHz and 5 GHz frequencies. 802.11n networks can also support older (legacy) devices because they are backwards compatible with earlier wireless standards.

802.11a only uses 5 GHz.

802.11b and 802.11g only use 2.4 GHz.

Answer to Practice Test Question 2

Q2. Which of the following wireless standards operates at 5 GHz and has a maximum speed of 54 Mbps?
A. 802.11a
B. 802.11b
C. 802.11g
D. 802.11n

Answer 2. A is correct. The 802.11a standard operates at 5 GHz and has a maximum speed of 54 Mbps.

802.11b and 802.11g both operate at 2.4 GHz.

802.11n uses 2.4 GHz and 5 GHz but it has a maximum transfer rate of 600 Mbps, not 54 Mbps.

Answer to Practice Test Question 3

Q3. Which of the following wireless standards supports multiple transceivers within a single WAP?
A. 802.11a
B. 802.11b
C. 802.11g
D. 802.11n

Answer 3. D is correct. 802.11n uses multiple input multiple output (MIMO) technologies and MIMO supports multiple transceivers within a single wireless access point (WAP).

MIMO is not supported in 802.11a, 802.11b, or 802.11g.

Summary

Here's a short summary of some of the key characteristics with each of the different wireless standards.

802.11a

  • Maximum speed of 54 Mbps
  • Operates in the 5 GHz frequency range
  • Shortest distance - can travel about 35 meters (about 115 feet)

802.11b

  • Maximum speed of 11 Mbps
  • Operates in the 2.4 GHz frequency range
  • Can travel about 35 meters (about 115 feet)

802.11g

  • Maximum speed of 54 Mbps
  • Operates in the 2.4 GHz frequency range
  • Can travel about 38 meters (about 125 feet)
  • Supports channel bonding with Super G (combines two 54 Mbps channels to give 108 Mbps max speed)

802.11n

  • Maximum speed of 600 Mbps
  • Operates in the 2.4 GHz and 5 GHz frequency ranges
  • Longest distance - can travel about 70 meters (about 230 feet)
  • Uses MIMO supporting multiple transceivers within a single wireless access point
  • Can use 40 MHz channels (referred to as channel bonding)

A+ Mobile Apps on Android


LearnZapp has recently released practice test question mobile apps for the A+ 220-801 and 220-802 exams on Android devices. If you enjoy studying while on the go, these apps provide you with an easy to use tool where you can squeeze in some study time whenever you have a spare moment.

This release includes some great improvements to their existing mobile apps which improved their performance and the user interface. They have also created some great bundles for people planning on taking multiple CompTIA exams such as Network+ and Security+.

If you search Google Play with "LearnZapp" you'll find all of their offerings including the following new items:
  • CompTIA A+ 220-801
  • CompTIA A+ 220-802
  • CompTIA A+ Bundle (801 and 802)
  • CompTIA Value Pack (801, 802, Security+ and Network+)
Other apps that have been upgraded with the new platform are:
  • CompTIA Security+
  • CompTIA Network+
  • CompTIA Bundle (Security+ and Network+)
All of these apps are also available for Apple devices such as iPads and iPhones. Search the App Store with "LearnZapp" and you'll see a similar listing.

Monday, April 8, 2013

Network+ and Security+ Blog Links


I created an easy to navigate page of Security+ blog links last week and in response to requests, I've completed a similar page for Network+ blog links.
  • Security+ Blog Links. This page includes links to posts about the Security+ exam, multiple free practice test questions, and various topics such as risk, authentication, cryptography, networking, and attacks.
  • Network+ Blog Links. This page includes links to posts about the Network+ exam, multiple free practice test questions, command line tools, hardware tools, wireless topics, and more.

Friday, April 5, 2013

Career Advice for Elvis


I frequently receive emails from readers asking for career advice. Most of these are related to my technical certification blogs and books and I do my best to answer every email I receive.
Recently, I received a lengthy email from a 24 year old reader in Bosnia asking for career advice. He identified himself as Elvis which I've since learned is a rather popular name in Bosnia. While his background is different than many other people, his questions are similar.
  • "What should I do next?"
  • "What should I actually pursue?"
Despite having a B.A. and being able to speak multiple languages (Bosnian/Serbian/Croatian, English, German, and Spanish), he hasn't had much luck finding a job or finding a path out of his country. His cousin gave him a copy of the CompTIA A+ Training Kit (Exam 220-801 and Exam 220-802) and he plans on getting the A+ certification, then Network+, and then other IT-related certifications with the hope that these will help him get a job and possibly emigrate to Germany.
Perhaps they will.
But what should he do next? What should he actually pursue?
My answers to readers aren't always very lengthy but something inspired me to give Elvis a more complete answer. After writing it, I realized that the same answer can apply to just about anyone no matter where they live so I've included it here.
========================================
Hi Elvis,
The best recommendation I can give you is to look inside yourself and ask what you really want to be doing five years from now (or even a year from now).
Try this.
Sit down and imagine yourself five years in the future. You look around at all you've achieved and accomplished and you decide to write out a list of everything that you're grateful for in your life.
Write the date (five years from today) at the top of the page and then start your list. Start each sentence with:
  • I am grateful .....
And then finish the sentence with something that you are grateful for.
Dream big. Don't limit yourself and don't let your current situation affect you. Imagine that your friends, family, and the Universe all conspired to help you on your path and you've enjoyed fabulous success pursuing your dreams.
Be as specific as possible. For example, instead of listing something like "I am grateful I have a job" list the actual job that would give you the most joy. For example, you might list "I am grateful I am a system administrator in a large data center."
Make sure you include exactly what you want, not what you don't want. For example, you might include "I am grateful I am living in Saxony, Germany." You should not list something like "I am grateful I am not living in Bosnia." If any statement includes the word "not" in it, change it.
Include at least one item indicating your gratitude for being able to help others with something specific. It could be gratitude that you've been able to donate a specific amount of money or time to a cause. You might indicate your gratitude for being able to create a specific product or service that has helped others. It could be something that you've been able to do that has provided joy or happiness to others. Don't skip this step. You'll find that the Universe is much more willing to help you when you're willing to help others.
Don't stop until you have at least ten items in your list. More is better.
I included a similar exercise in my book "You Can Do Anything - Three Simple Steps to Success for Graduates." It's a simple exercise but can be very powerful if you put your energy into it.
Once you've completed your list, identify one of the items that you consider important or appealing to you and create a goal to do it.
Write out your goal starting with "I will...". Next include exactly what you want such as "have a rewarding job as a systems administrator in a large data center." Next, add a date and time such as "by midnight April 5th, 2018." Last include the phrase "or something better" to ensure you are open to something better. For example, instead of being a systems administrator in a large data center you might actually be more suited to owning and running the data center and by including "or something better" you remain open to other possibilities that are better for you.
Your goal might look like "I will have a rewarding job as a systems administrator in a large data center, or something better, by midnight April 5th, 2018."
You don't have to know how you'll achieve this goal right now. You only need to know that you want to. If you take the time to write out your goal and keep it at the forefront of your mind, you'll figure out how.
There are many ways you can keep the goal at the forefront of your mind and find inspiration to accomplish it. A simple method is to simply read your written goal every day.
Good luck.
Darril Gibson
========================================
The next time someone asks you "What should I do next?" or "What should I actually pursue?" consider giving them this answer. It will help them find the answer from within themselves.

Wednesday, April 3, 2013

Security+ Blog Links

I've been posting blogs on the Security+ SY0-301 exam almost since it was released and this page provides a listing of most of those blogs organized by topic. You can also get a listing of all blogs in the Security+ category by clicking on the Security+ menu link, or search for blogs with specific keywords using the Search feature. You can also join the conversation on the Get Certified Get Ahead Facebook page.

Resources

Pass the Security+ exam the first time you take it: CompTIA Security+: Get Certified Get Ahead: SY0-301 Study Guide

General Topics

Security+ Practice Test Questions

Over 275 Realistic Practice Test Questions with full explanations. CompTIA Security+: Get Certified Get Ahead- SY0-301 Practice Test Questions Pass the Security+ exam the first time you take it.

Risk

Authentication

Cryptography

Realistic practice test questions for the Security+ SY0-301 exam Available through LearnZapp on your mobile phone

Networking Topics

Attacks

Learn by listening  Key points from the CompTIA Security+: Get Certified Get Ahead: SY0-301 Study Guide Over one hour and 20 minutes of audio from the "Remember This" blocks Over three hours and 20 minutes of questions and answers on audio

Jobs

Tuesday, April 2, 2013

Get Certified Get Ahead Now on Facebook

In response to some recommendations I've received from readers, I started a Get Certified Get Ahead page on Facebook. You can view it here: https://www.facebook.com/GetCertifiedGetAhead. I'll be posting free practice test questions here regularly and will be answering reader questions and queries. My current plan is to post questions on A+, Network+, and Security+ topics. There are already a few practice test questions posted there.

It's new, but I love the interaction that is possible through Facebook. I'll have the ability to provide assistance directly to people that post queries, while also providing the same information to anyone else that just wants to visit and view the answers.

If you have a moment, check it out. Feel free to post me a note about what you'd like to see me post on this page. I'd love to hear from you.

New Mobile Apps for A+

LearnZapp has been producing outstanding mobile apps with practice test questions for a while now. For people that enjoy studying while on the go, these apps provide an easy-to-use tool for squeezing in some study just about any time they have a spare moment.

They have released some new mobile apps with practice test questions and are improving the platform for some existing apps. They've added apps for A+ practice test questions (both the 801 and 802 exams) and have made some changes to Network+ and Security+ apps. The changes include implementing recommendations they've received by users, improving the performance of the apps, and making the user interface more fluid.

The following apps have been launched on Apple iTunes and are available for Apple devices such as Apple iPhones and iPads. If you search the Apple App Store with "LearnZapp" you'll find the following new selections are now available:
  • CompTIA A+ 220-801
  • CompTIA A+ 220-802
  • CompTIA A+ Bundle (801 and 802)
  • CompTIA Value Pack (801, 802, Security+ and Network+)
Other apps that have been upgraded with the new platform are:
  • CompTIA Security+
  • CompTIA Network+
  • CompTIA Bundle (Security+ and Network+)
All of these apps will also be available on Google Play for Android devices within the next two weeks.

Monday, April 1, 2013

Network+ and Wireless Encryption

If you're preparing for the Network+ SY0-301 exam, you probably realize that a good chunk of it covers wireless topics including wireless encryption. Two objectives address wireless encryption directly:
  • 2.4 Given a scenario, troubleshoot common wireless problems. (This objective includes "Encryption type".)
  • 5.1 Given a scenario, implement appropriate wireless security measures. (This objective includes "Encryption protocols: WEP, WPA, WPA2, and WPA Enterprise".)

Network+ Practice Test Questions

Here are a couple of practice test questions you can use to check your knowledge:

Q1. Of the following choices, what provides the most security for a wireless network?
A. WEP
B. WPA
C. WPA2
D. WPA2 Enterprise

Q2. Of the following choices, what provides the most security for a wireless network that doesn’t have access to a RADIUS server?
A. WEP
B. WPA
C. WPA2
D. WPA2 Enterprise

Q3. Attackers have recently hacked into a small business owner’s wireless network and you are asked to help him secure it. Of the following choices, what provides the best security?
A. WEP
B. WPA
C. Disabling SSID broadcast
D. Selecting alternate channels


WEP

Wired Equivalent Privacy (WEP) was the original security protocol used to secure wireless networks. As the name implies, the goal was to provide the same level of privacy and security within a wireless network as you’d have in a wired network. Unfortunately, WEP has significant vulnerabilities, and attackers have many tools they can use to break into WEP-protected networks. WEP was officially deprecated in 2004 and is not recommended for use. WPA was identified as an interim replacement and WPA2 is a permanent replacement.

WEP uses a key that is similar to a password or passphrase. Each device in the wireless network is configured with the same key.

WPA

Wi-Fi Protected Access (WPA) was an intermediate replacement for WEP. It provided a significant increase in security over WEP without requiring users to upgrade their hardware. WPA was never meant to be a permanent replacement for WEP, but instead was intended to provide a temporary replacement while developers created a permanent solution with WPA2.

WPA originally used a stream encryption technique with Temporal Key Integrity Protocol (TKIP). TKIP provides several improvements for WPA over WEP. A benefit of WPA with TKIP is that it can be used on the same hardware used by WEP. It requires different software or firmware upgrades, but the hardware doesn't need to be replaced. Unfortunately, WPA with TKIP was ultimately cracked too.

Later, WPA was modified so that it could use Advanced Encryption Standard (AES) instead of TKIP. AES is a very strong and efficient encryption algorithm and it is recommended for use in many implementations. Several people have been successful at cracking WPA with TKIP, so whenever possible, it’s best to upgrade WPA to WPA2, or at least use WPA with AES instead of TKIP.

WPA (also known as WPA Personal) uses a password or passphrase sometimes referred to as a pre-shared key (PSK). All devices in the wireless network must be configured with the same PSK.

WPA2

Hardware in most systems today supports Wi-Fi Protected Access v2 (WPA2). It is the permanent replacement for WEP and WPA but it is not supported on legacy hardware designed for WEP. WPA2 (also known as IEEE 802.11i) uses stronger cryptography than both WEP and WPA and the Wi-Fi Alliance requires all devices carrying its WI-FI CERTIFIED logo to meet WPA2 standards.

Just as WPA uses a PSK, WPA2 uses a PSK and all devices in the wireless network need to have the same PSK. When a PSK is used with WPA2 it is known as WPA2 Personal.

Personal and Enterprise Modes

Both WPA and WPA2 operate in either Personal or Enterprise modes. Most home and small business networks use Personal mode while some larger organizations use Enterprise mode.
As mentioned previously, Personal mode uses a passphrase or PSK and is rather simple to implement. You enter the PSK on the WAP and enter the same PSK on each of the wireless devices in the network. In this way, anyone with the PSK can access the wireless network. WPA-PSK or WPA2-PSK both indicate Personal mode.

Enterprise mode provides additional security by adding an authentication server and requiring each user to authenticate through this server. Authentication requires all users to prove their identities, and a common way to do so is with a username and password.

The authentication server is a separate RADIUS server or an 802.1x server which is configured separately from the access point. After the RADIUS server is configured, you can configure the access point to use Enterprise mode and include details related to the RADIUS server. You’ll commonly enter the IP address of the RADIUS server, the port it is using, and a shared secret that has been preconfigured on the RADIUS server.

Once Enterprise mode is configured properly, users will be challenged to authenticate before they are granted access to the wireless network. The user’s credentials are passed to the RADIUS server and the RADIUS server has access to a database of the user’s credentials used for comparison. If the user provides the correct credentials, the user is granted access. If the credentials are incorrect, the user is blocked from accessing the wireless network.

Enterprise mode is more advanced than most home networks need but many larger organizations use it. It prevents anonymous access to a network and is effective at limiting unauthorized access. Similarly, some hotels use pay-as-you-go Wi-Fi access. For example, many hotels provide wireless access for $20 per day. When you attempt to access the wireless network you are challenged to enter a username and password. This is often as simple as entering your room number and your last name. The RADIUS server checks the database to verify your room number is associated with your last name and you are granted access.

It’s important to recognize that Enterprise mode provides the strongest level of security for a wireless network. A combination of both a security protocol such as WPA2 and an authentication server significantly reduces the chance of unauthorized personnel accessing a wireless network. Even WPA Enterprise using AES provides stronger security than WPA2 Personal using only a PSK.
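As an added illustration (not part of the original post), the Python below audits access point settings written in hostapd-style key=value form, labels each one using the ordering this post gives, and checks that an Enterprise configuration carries the RADIUS server address, port, and shared secret described above. The hostapd key names, the sample configurations, and the 192.0.2.10 address are assumptions made for the example; the post itself configures a router through its web pages.

```python
# Added example (not from the original post). Sample configs are constructed.
ORDER = ["WEP", "WPA Personal (TKIP)", "WPA Personal (AES)", "WPA2 Personal",
         "WPA Enterprise (AES)", "WPA2 Enterprise"]  # weakest to strongest, per the post
RADIUS_KEYS = ("auth_server_addr", "auth_server_port", "auth_server_shared_secret")

def parse(text):
    """Parse key=value lines, skipping blank lines and # comments."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            cfg[key.strip()] = value.strip()
    return cfg

def audit(text):
    """Return (label, findings) for one access point configuration."""
    cfg, findings = parse(text), []
    wpa = int(cfg.get("wpa", "0"))  # hostapd: 1 = WPA, 2 = WPA2, 3 = both
    if wpa == 0:
        return ("WEP" if "wep_key0" in cfg else "Open"), ["no WPA or WPA2 configured"]
    version = "WPA2" if wpa == 2 else "WPA"  # mixed mode still accepts WPA clients
    wpa_pairwise = cfg.get("wpa_pairwise", "TKIP")  # hostapd default cipher
    ciphers = (cfg.get("rsn_pairwise", wpa_pairwise) if wpa == 2 else wpa_pairwise).split()
    cipher = "TKIP" if "TKIP" in ciphers else "AES"
    if cipher == "TKIP":
        findings.append("TKIP permitted: allow AES (CCMP) only")
    if version == "WPA":
        findings.append("WPA accepted: move to WPA2 only")
    enterprise = "WPA-EAP" in cfg.get("wpa_key_mgmt", "WPA-PSK").split()
    if enterprise:
        missing = [k for k in RADIUS_KEYS if not cfg.get(k)]
        if missing:
            findings.append("Enterprise mode incomplete, missing: " + ", ".join(missing))
    mode = "Enterprise" if enterprise else "Personal"
    label = f"WPA2 {mode}" if version == "WPA2" else f"WPA {mode} ({cipher})"
    return label, findings

def rank(label):
    """Position in the post's ordering; None for labels the post does not rank."""
    return ORDER.index(label) if label in ORDER else None

HOME = "ssid=ExampleHome\nwpa=2\nwpa_key_mgmt=WPA-PSK\nrsn_pairwise=CCMP\n"
OFFICE = ("ssid=ExampleOffice\nwpa=1\nwpa_key_mgmt=WPA-EAP\nwpa_pairwise=CCMP\n"
          "ieee8021x=1\nauth_server_addr=192.0.2.10\nauth_server_port=1812\n")

for _name, _text in (("HOME", HOME), ("OFFICE", OFFICE)):
    print(_name, *audit(_text))
```

The OFFICE sample ranks above HOME because it is WPA Enterprise with AES, yet the audit still reports that it accepts WPA and has no RADIUS shared secret, so it would not work as configured.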


Answer to Practice Test Question 1

Q1. Of the following choices, what provides the most security for a wireless network?
A. WEP
B. WPA
C. WPA2
D. WPA2 Enterprise

Q1 Answer. D is correct.

Wi-Fi Protected Access v2 (WPA2) Enterprise mode provides the greatest amount of security for a wireless network. It adds in an authentication server such as a Remote Authentication Dial-in User Service (RADIUS) server.

WEP provides the least amount of security for a wireless network and is not recommended for use. WEP was temporarily replaced with WPA and WPA2 which provide progressively more security.

WPA and WPA2 are also known as WPA Personal and WPA2 Personal, and each uses a preshared key or passphrase instead of an authentication server.

Answer to Practice Test Question 2

Q2. Of the following choices, what provides the most security for a wireless network that doesn’t have access to a RADIUS server?
A. WEP
B. WPA
C. WPA2
D. WPA2 Enterprise

Q2 Answer. C is correct.

Wi-Fi Protected Access v2 (WPA2) provides the most security when compared to WEP and WPA.

If a Remote Authentication Dial-in User Service (RADIUS) server was used, you could implement WPA2 Enterprise mode which is even stronger but the question states that a RADIUS server is not available.

Answer to Practice Test Question 3

Q3. Attackers have recently hacked into a small business owner’s wireless network and you are asked to help him secure it. Of the following choices, what provides the best security?
A. WEP
B. WPA
C. Disabling SSID broadcast
D. Selecting alternate channels

Q3 Answer. B is correct.

Wi-Fi Protected Access (WPA) provides the best security of the given choices and WPA2 (not a possible choice) is even better.

WEP is cracked and not recommended for use.

Disabling SSID broadcast hides the wireless network and provides minimal security because attackers can still detect the SSID with a wireless sniffer.

Selecting an alternate channel is effective if there is interference but it doesn’t add to security.