Sunday, October 11, 2015

Can you answer this Security+ practice test question on Linux permissions?

Linux Permissions Sample Question

Question. Lisa does not have access to the project.doc file but she needs access to this file for her job. Homer is the system administrator and he has identified the following permissions for the file:

rwx r-- ---

What should Homer modify to grant Lisa read access to the file?

A. File ownership
B. The FACL
C. Parent directory permissions
D. Group ownership



After receiving queries from several people about Linux permissions, I added this sample question to one of the extra test banks on the gcgapremium.com site.

While Linux or Linux permissions aren't listed directly on the Security+ objectives, CompTIA might add in questions that you may find a little challenging without a little knowledge of Linux permissions.


Don't let the appearance of Linux permissions throw you. Linux does list the permissions a little differently, but they work similarly to NTFS permissions. If you understand NTFS permissions as described in Chapter 2 of the CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide, these questions shouldn't be too challenging.

Entities within Linux Permissions

There are 3 primary entities that you can assign permissions to within Linux. They are:
  • Owner - This is a user that owns the file or directory and the owner is typically granted all permissions for the file or directory.
  • Group - The file can also be owned by a named group. Members of this group are granted specific permissions for the file or directory. These permissions are typically less than the permissions applied to the owner
  • Everyone else (or all users) - This is sometimes referred to as All Users, but permissions applied here do NOT override the Owner or Group permissions.

Basic Types of Linux Permissions

Linux files and directories have three basic types of Linux permissions. They are:
  • Read (r) - view the file
  • Write (w) - modify the file
  • Execute (x) - run the file (assuming it is an application)
  • If a permission is not assigned, you'll see it represented as a dash (-)
The following table shows how these Linux permission types are often displayed in a file access control list (FACL).

Ref Line   Owner   Group   Users
1          rwx     rw-     ---
2          rwx     rw-     r--
3          rw-     rw-     rw-

Looking at the above table, you can see that the following permissions will be assigned to the different entities:
  • Line 1: rwx rw- ---
    • Owner has read, write, and execute permissions rwx
    • Group has read and write permissions rw-
    • Other users have zero permissions ---
  • Line 2: rwx rw- r--
    • Owner has read, write, and execute permissions rwx
    • Group has read and write permissions rw-
    • Other users have read permissions r--
  • Line 3: rw- rw- rw-
    • Owner has read and write permissions rw-
    • Group has read and write permissions rw-
    • Other users have read and write permissions rw-

Linux Permissions using Octal Notation

You might also see permissions listed in octal notation format. In other words, instead of seeing letters such as rwx rw- ---, you might see numbers such as 760.

Octal notation uses only three bits for each entity, with each bit having a value of 0 or 1. With three bits, you can represent eight numbers (0 through 7). The following table shows the octal value based on the value of each of the bits.

Octal Value   Read (r) 2^2   Write (w) 2^1   Execute (x) 2^0   Permission
0             0              0               0                 ---
1             0              0               1                 --x
2             0              1               0                 -w-
3             0              1               1                 -wx
4             1              0               0                 r--
5             1              0               1                 r-x
6             1              1               0                 rw-
7             1              1               1                 rwx

Not all of these values are used for Linux permissions. For example, while an octal 1 is possible, it isn't feasible to grant execute permission without also granting read permission.
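As an added example (not code from the original post), the following Python converts between the symbolic and octal notations described in the two sections above, and then decides whether a given user can read a file the way Linux does: owner entry first, then any named-user FACL entry, then the owning group, then everyone else. The user names Homer and Lisa come from the practice question; the group names and the FACL dictionary layout are assumptions, and the ACL mask entry is deliberately ignored to keep the check short.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Set

# Bit value of each permission letter (matches the octal table above).
BITS = {"r": 4, "w": 2, "x": 1}


def symbolic_to_octal(mode: str) -> str:
    """'rwx rw- ---' or 'rwxrw----' -> '760'."""
    m = mode.replace(" ", "")
    if len(m) != 9:
        raise ValueError("expected nine permission characters")
    digits = []
    for i in range(0, 9, 3):          # owner, group, everyone else
        triplet = m[i:i + 3]
        digits.append(sum(BITS[c] for c in triplet if c != "-"))
    return "".join(str(d) for d in digits)


def octal_to_symbolic(octal: str) -> str:
    """'760' -> 'rwxrw----'."""
    out = ""
    for d in octal:
        v = int(d)
        out += ("r" if v & 4 else "-") + ("w" if v & 2 else "-") + ("x" if v & 1 else "-")
    return out


@dataclass
class FileInfo:
    owner: str
    group: str
    mode: str                                  # symbolic, e.g. 'rwx r-- ---'
    facl: Dict[str, str] = field(default_factory=dict)  # named-user entries, e.g. {'lisa': 'r--'}


def can_read(fi: FileInfo, user: str, groups: Set[str]) -> bool:
    """Simplified POSIX access check for the read bit (ACL mask ignored)."""
    m = fi.mode.replace(" ", "")
    if user == fi.owner:                       # owner entry wins outright
        return m[0] == "r"
    if user in fi.facl:                        # named-user FACL entry
        return "r" in fi.facl[user]
    if fi.group in groups:                     # owning group
        return m[3] == "r"
    return m[6] == "r"                         # everyone else
```

With the question's file mode `rwx r-- ---`, the check shows that Lisa gains read access from either a named-user FACL entry or membership in the owning group, while file ownership would give her the owner's full rwx.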

I've bolded the more commonly used permissions within the table and the following graphic combines the different concepts.

Security+ and Linux Permissions



Answer and explanation for practice test question available here.

Tuesday, September 29, 2015

Security+ and Privilege Escalation

Can you define privilege escalation?

More, can you correctly answer this sample CompTIA Security+ question?

Privilege Escalation Sample Question

Your organization was recently attacked and forensic analysts are investigating the attack. They have created the following forensic diagram of the network.

  Network diagram 
Analysts are focused on several specific entries in the database server security log.

Entry #   Keywords         Source                                Event ID   Task Category
1         Audit Success    Microsoft Windows security auditing   4624       Logon
2         Audit Success    Microsoft Windows security auditing   4672       Special Logon
3         Audit Success    Microsoft Windows security auditing   4624       Logon
4         Audit Success    Microsoft Windows security auditing   4624       Logon
5         Audit Success    Microsoft Windows security auditing   4648       Logon
6         Audit Failure    Microsoft Windows security auditing   4673       Sensitive Privilege Use
7         Audit Success    Microsoft Windows security auditing   4673       Sensitive Privilege Use

Assuming the analysts are correct, what is the MOST likely description of this attack?

A. Password attack
B. Pharming attack
C. Privilege escalation attack
D. Phishing attack

Based on the title of the post, I'm betting you know the correct answer is privilege escalation.

However, the actual questions on the Security+ exam aren't labeled so obviously. In order to answer them, you need to know why the correct answer is correct, and why the incorrect answers are incorrect.

More, if you know how to eliminate incorrect answers, you can discover the correct answer even if it's not very familiar to you.

Full answer and explanation available here.

Understanding Privilege Escalation

Privilege escalation occurs when a user or process accesses elevated rights and permissions. When attackers first compromise a system, they often have minimal privileges. However, privilege escalation tactics allow them to get more and more privileges.

For example, imagine hacker Harry is attacking a web server over the Internet. He might only have guest or anonymous access to the system initially, and he can’t do much with this access. He uses different techniques during the attack to gain more and more privileges. If he can escalate his privileges high enough, he will have full administrative or root access to the system.

Malware frequently tries to gain access to elevated privileges through the logged-on user. For example, if a user logs on with administrative privileges, the malware can elevate its privileges through the user account.

Many organizations require administrators to have two accounts. They use one account for regular use and one for administrative use. The only time they would log on with the administrator account is when they are performing administrative work. This reduces the time the administrative account is in use, and reduces the potential for privilege escalation if the user’s system is infected with malware.
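As an added example (not code from the original post), the following Python runs two simple triage checks over security log entries shaped like the table in the practice question: it marks which logons were immediately granted special privileges (4624 followed by 4672, the kind of administrative session the paragraph above warns about), and it flags an explicit-credential logon (4648) followed by a failed and then a successful sensitive privilege use (4673). The entries are constructed from the question's table, not a real capture, and both checks are heuristics meant to prioritise review, not proof of an attack.

```python
from collections import Counter
from typing import Dict, List, Tuple

# Event IDs referenced in the practice question (Microsoft Windows security auditing).
LOGON = 4624                # an account was successfully logged on
SPECIAL_LOGON = 4672        # special privileges assigned to a new logon
EXPLICIT_CREDS = 4648       # logon attempted using explicit credentials
SENSITIVE_PRIV_USE = 4673   # a privileged service was called

# (entry number, keywords, event id) - constructed sample data mirroring the table
SAMPLE_LOG: List[Tuple[int, str, int]] = [
    (1, "Audit Success", 4624),
    (2, "Audit Success", 4672),
    (3, "Audit Success", 4624),
    (4, "Audit Success", 4624),
    (5, "Audit Success", 4648),
    (6, "Audit Failure", 4673),
    (7, "Audit Success", 4673),
]


def count_by_event(entries) -> Dict[int, int]:
    """How many times each event ID appears; useful for a first glance."""
    return dict(Counter(event_id for _, _, event_id in entries))


def privileged_logons(entries) -> List[int]:
    """Entry numbers of 4624 logons immediately followed by a 4672 special logon."""
    found = []
    for (num, _, ev), (_, _, nxt) in zip(entries, entries[1:]):
        if ev == LOGON and nxt == SPECIAL_LOGON:
            found.append(num)
    return found


def find_escalation_pattern(entries) -> List[int]:
    """Entry numbers forming: 4648, then a failed 4673, then a successful 4673.
    Returns [] when the pattern is absent."""
    state, chain = 0, []
    for num, keywords, ev in entries:
        if ev == EXPLICIT_CREDS:                      # restart the chain at every 4648
            state, chain = 1, [num]
        elif state == 1 and ev == SENSITIVE_PRIV_USE and keywords == "Audit Failure":
            state, chain = 2, chain + [num]
        elif state == 2 and ev == SENSITIVE_PRIV_USE and keywords == "Audit Success":
            return chain + [num]
    return []
```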

Privilege Escalation and APTs

An advanced persistent threat (APT) is a group that has both the capability and intent to launch sophisticated and targeted attacks. There is a lot of evidence that they exist and are active, and privilege escalation is a core method of establishing a foothold within a network.

A lot of documentation indicates that many APTs start with a phishing attack. They try to lure unsuspecting users into opening an attachment or clicking a malicious link. The attachment installs malware onto the user's system. Similarly, the malicious link attempts a drive-by download to install malware.

If the phishing attack is successful, the malware establishes a backdoor on the user's system. The attacker then uses this backdoor to perform reconnaissance on the user's system and network by embedding commands in what looks like harmless web pages.

Attackers systematically look for and exploit vulnerabilities, gaining more and more privileges on the network. Of course, if a user is logged on as an administrator, this makes it much easier to gain elevated privileges.

Full answer and explanation available here

Sunday, July 5, 2015

Pass the Security+ Exam in 30 Days or Less

Several Amazon reviewers of the CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide have mentioned they have passed the Security+ exam in 30 days or less.

In response, many readers have asked me for a day-by-day schedule they can use to take and pass this exam in 30 days or less.

"If you really want to do something, you will find a way. If you don't, you'll find an excuse."

- Jim Rohn

If you really want to earn this certification, and you have some IT experience, you can pass the Security+ exam and earn this certification. Here are seven simple steps.

1) Get a Good Study Guide to Pass the Security+ Exam

The first step to pass the Security+ exam in 30 days or less is to get a good study guide. I hear from people almost daily that have passed the exam using the CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide.
Don't take my word for it though. Check out these reviews on Amazon.
  • "Well written. After 3 weeks of study I passed with an 816."
  • "I got this book and studied like crazy for one month....After all my preparation, I take the test and score 841 of 900!!"
  • "This Book is simply amazing....I was required to take this for my job, and was only given 9 days to study. I am happy to report that I managed to score an 841."
  • "I read a chapter and a half a day for two weeks, took my test and passed."
  • "The information is provided in a clear and concise fashion that highlights aspects of the text that need to be remembered for the test. Bottom line I read this in three days, took the exam and passed with an 885."
The CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide is available in both a paperback and Kindle format. Because it is enrolled in Amazon's Kindle Matchbook program, you can get the Kindle version for only $2.99 if you buy the paperback book from Amazon.
You can also get supplementary materials for the study guide including:

2) Do the Assessment

As soon as you get the book, do the Assessment exam at the beginning of the book.
When doing practice test questions from the book, write down your answers on a piece of paper instead of marking up the book. This way you can take the questions again later without seeing the answers circled.
Alternatively, you can also purchase the online practice test questions. The 60 day packages include the questions organized by chapters.

3) Schedule Your Exam

Schedule your exam for 30 days after you do the assessment.
This extra commitment is enough to keep most people going when they get to a challenge. You can always reschedule it later if you need to. 

4) Start Studying

Read half a chapter a day for four days in a row.
  • After reading, review the Chapter Review topics for what you read.
  • After the review, do at least 10 of the practice test questions for the chapter.
  • After doing the practice test questions, take the time to read the explanation.

5) Mix Studying with Review

After four days of studying new material, take one day for review.
  • Reread all the chapter reviews from chapters you've finished.
  • Do all of the practice test questions that you've finished previously.
  • Look at blog articles for any topics that interest you or you want to dig into deeper.
Some blog articles that might interest you are:
After the review day, spend the next four days reading new material followed by another day of review. The last set of studying days will be only two days of new material.

6) Do the Post Exam

Do the post exam at the end of the book.
  • After doing the practice test questions, take the time to read the explanations.
  • Review any material that isn’t clear to you.

7) Take the Exam and Celebrate Your Success

On test day, review key material. This includes:
  • Chapter Reviews from each chapter
  • Key tables within the book such as:
    • The Ports table (Table 3.1)
    • OSI topics (Table 3.2)
    • Wireless standards (Table 4.1)
    • Algorithms (Table 10.1)
    • Symmetric encryption protocols (Table 10.2)
This post includes five success tips for the Security+ exam, including some strategies you can use when answering the questions.
After taking the exam, take time to celebrate your success. You deserve it.

Tuesday, June 30, 2015

Security+ Disaster Recovery and Redundancy

Are you prepping for the Security+ exam? Do you know the differences between disaster recovery and redundancy? Some people think the two are the same, but they aren't.

A Security+ test candidate recently asked me for clarification between the two. In response, I wrote three related blog posts:
You can read those posts for more complete explanations. However, here is a synopsis of each.
Disaster recovery is a part of an overall business continuity plan. Often, an organization will use a business impact analysis to identify the critical systems and components. Security personnel then develop disaster recovery strategies and disaster recovery plans to ensure these systems will stay operational during and after a disaster. 
Redundancy adds duplication to critical systems and provides fault tolerance. If a critical component has a fault, the duplication provided by the redundancy allows the service to continue without interruption. In other words, a system with fault tolerance can suffer a fault, but tolerate it and continue to operate.

Thursday, June 11, 2015

How Failing Helped Me Succeed

Yes, failing helped me succeed.

Specifically, failing the Security+ exam helped me succeed in helping thousands of others pass this exam. Years ago, I failed the Security+ exam the first time I took it.

Failed it. Two hundred and some dollars down the drain. This was back when the exam was in the SY0-101 version so it was a few moons ago when the exam was cheaper. Today, it's $302 (unless you use the free voucher code to get 10% off).
Failures, repeated failures, are finger posts on the road to achievement. One fails forward toward success.
- C. S. Lewis
It was a humbling experience.

I didn't fail because the material was beyond my grasp. I had been working in IT for several years, and regularly taught Microsoft MCSE certification courses around the country.

Many of these courses included advanced security topics. No, I failed it because I took the exam for granted.

I believed the people that told me the exam was easy. (Of course, anything is easy when you know it - just make sure you know it before you believe it's easy.)

It's not a mistake I wanted to repeat.

Success...Read the rest of the article here.


Friday, February 20, 2015

7 Strategies for Getting Things Done

Jack is one of the best teachers I've ever learned from and he shares some simple strategies in this blog post that he's used to help him achieve so much in his life so far. 
  • Like writing 150 books (including the Chicken Soup for the Soul books)
  • Delivering about 50 presentations a year around the world
  • Teaching and mentoring students
  • Leading the Transformational Leadership Council that he founded
  • And much more.

While these 7 simple strategies have a lot of power and wisdom behind them, you might be surprised at their simplicity. You can apply them to any area of your life.

Tuesday, January 13, 2015

Data Loss Prevention

Can you answer this Security+ question on data loss prevention?

Data loss prevention 

Security+ Practice Test Question - Data Loss Prevention

Of the following choices, what benefits are provided by DLP techniques? (SELECT Three.)
    A. Prevent users printing certain data to printers
    B. Prevent users from copying certain data to USB drives
    C. Prevent users from reading certain files on their computer.
    D. Prevent users from sending certain data outside the organization via email
Data loss prevention techniques inspect data looking for unauthorized data transmissions. A network-based data loss prevention (DLP) system inspects data in motion. Storage-based DLP systems inspect data at rest. Endpoint-based DLP systems inspect data in use. In some situations, a DLP security control prevents the use of hardware with the goal of preventing data losses.
You may also see this term as data leak prevention.