TCP/IP Security Notes

IP attacks typically follow a set pattern. This pattern can be recognized, and rules created to help thwart it – this pattern is refered to as an attack signature. Signatures may be used to create IDS rules.

Reconnaissance and Discovery
Would-be attackers usually engage in a well-understood sequence of activities, called reconnaissance and discovery.
During the reconaissance phase The attacker may ping sweep or port probe the target. The purpose of this reconnaissance is to find out what is running and what may be vulnerable.
PING sweep
Can identify active hosts on an IP network
Port probe
Detect UDP- and TCP-based services running on a host

The attack
Attacker focuses on the attack itself. A more seasoned attacker may cover their tracks by attempting to modify log files, or terminating any active direct connections.
One method of is a brute force attack that overwhelms a victim.

Denial of Service Attacks
Designed to interrupt or completely disrupt operations of a network device or communications
SYN Flood attack
Uses the three-way TCP handshake process to overload a device on a network
Broadcast amplification attack
Malicious host crafts and sends ICMP Echo Requests to a broadcast address

Distributed Denial of Service Attack (DDOS)
DoS attacks are launched from numerous devices,  such as acommand and control botnet.
DDoS attacks consist of four main elements

Session Hijacking
The purpose of session hijacking is to impersonate an authenticated user in order to gain access to a system
Once a session is hijacked, the attacker can send packets to the server as the victim.

RFC 2401: The goal of IPSec are to provide the following kinds of security

  • Access control
  •  Connectionless integrity
  •  Data origin authentication
  •  Protection against replays
  •  Confidentiality
  •  Limited traffic flow confidentiality

RFC 2196: Indicated that the following documents are components of a good security policy

  • An access policy document
  •  An accountability policy document
  •  A privacy policy document
  •  A violations reporting policy document
  •  An authentication policy document
  •  An information technology system and network maintenance policy document

CDIA+ CompTIA Document Imaging Exam Notes

CompTIA CDIA+ Exam: 225-030
85 questions
Conventional, linear format.
90 minutes alloted time.
Passing Score: 700 out of 900 possible.

Goals define activities
Activities define documents and data
Documents and data define technology requirements

A process metric is an indicator of the process, ex: how many, how fast. Metrics are taken before, during and after an implementation.

Continue reading “CDIA+ CompTIA Document Imaging Exam Notes”

Comp-Tia’s Security+ Certification Exam Notes

Comp-Tia’s Security+ Exam
Exam Number SY0-101
Number of Questions 100
Time Allotted 90 Minutes
Passing Score 764/900
Exam Objectives: Available at the CompTia Site

Access Control Models

MAC Mandatory Access Control – An Administrator createds a predefined set of permissions and assigns them to users and objects (labels)
DAC Discretionary Acess Control – The resource owner established who or what has rights to an object (ACL)
RBAC Role Based Access Control – Rights are assigned per user role, roles are ususaly based on organizational structure.

Authentication and Identification Continue reading “Comp-Tia’s Security+ Certification Exam Notes”

CompTia Server+ Exam Notes

Exam Facts
CompTia Server+
Exam Number SK0-002
Number of Questions :80
Linear Exam
Minimum Passing Score :615/900
Time Alloted 90 Minutes

Exam Objectives: Available at the CompTia Site here (registration required)

Rack notes

A full rack is 42 U
One U is 1.75 inches
therefore a full rack has 73.5 inches of useable space.

Never move a full rack. Always remove all equipment first.
Install the heaviest parts towards the bottom. ( ex: UPS units)
Racks typically have wheels, and most have stabilizer feet. Continue reading “CompTia Server+ Exam Notes”

CompTIA A+ Exam Notes

  • The four basic components of any computer are input, output, storage and processing
  • ASCII = American Symbolic Code for Information Interchange. 128 char. Extended 255 char.
  • Six fundamental microcomputer components: processor, bus, memeory, disk, video, input/output
  • Old school bus types ISA,EISA,VESA, MCA
  • Another name for a system board is the planar board
  • The nucleus of the PC is the CPU
  • A measurement of speed is MegaHertz
  • Clock speeds are measured in megahertz
  • The larger the cache, the faster the processor
  • the 80286 is equated with the AT and ISA busses
  • The MCA bus was predominatly used by IBM
  • EISA took the most popular features from other busses and expanded on them.
  • the VESA bus is also klnown as the VLbus
  • PCMCIA cards were designed for notebook use
  • Memory is a storage area for fast access. Continue reading “CompTIA A+ Exam Notes”