Security+ part 3…

Trying to get 15 questions into this post. Hopefully I can get that done. Will have to possibly take a few breaks in between doing that much work. Anyway, let's get into this. Trying to get this certification done quick lol. Oh, I called CompTIA today and got a lot of clarification on their recert process. It's not as bad as it seems. You just have to basically either do research or get a new, usually harder cert. I can handle that. I mean, my next 3-4 are booked up which should take about a year and a half to two years. Through that process, at the end of two years I will have basically a break for about 2 years before I have to start stressing again to get my stuff renewed. I was really hoping the whole thing that was explained of get one, 3 years, the next one adds 3 years and so on, but it only extends it from the date you get the cert, so like if you get something in December then get a harder one in April then it only extends it to three years from April instead of being close to like a 6 year cert. However a server MCSA will renew a Network+ so that's cool. I like getting those. Man, what a lifestyle. Anyway, let's get into some questions.

[screenshot: saml]

I think I'm confused by what they mean when they say ‘web domain’. I mean honestly that could be any database. Are they saying it has to be housed on the webserver? Regardless, let's look up what these things are. I mean, I mostly know, but to be honest it seems good to be very clear on exact definitions.

  • TACACS+ – (Terminal Access Controller Access Control System) is an older authentication protocol common to UNIX networks that allows a remote access server to forward a user’s logon password to an authentication server to determine whether access can be allowed to a given system.
  • RADIUS – a networking protocol, operating on port 1812, that provides centralized Authentication, Authorization, and Accounting (AAA or Triple A) management for users who connect and use a network service. RADIUS is a client/server protocol that runs in the application layer, and can use either TCP or UDP as transport. Network access servers, the gateways that control access to a network, usually contain a RADIUS client component that communicates with the RADIUS server. RADIUS is often the back-end of choice for 802.1X authentication as well.
  • Kerberos – Kerberos is a computer-network authentication protocol that works on the basis of tickets to allow nodes communicating over a non-secure network to prove their identity to one another in a secure manner.
  • SAML – Security Assertion Markup Language (SAML, pronounced SAM-el) is an open standard for exchanging authentication and authorization data between parties, in particular, between an identity provider and a service provider.

Yep, it's honestly pretty cut and dry. It uses XML and is for web SSO and I honestly was unaware of what it was. Kerberos confuses me slightly but the tickets are based on a time stamp so it is extremely secure. However with SAML I’m wondering where they store logins and passwords.

[screenshot: box types]

I got this question right but I did want to go over the definitions for the various ‘box colors’ just to be clear.

  • Black box – refers to a method where an ethical hacker has no knowledge of the system being attacked
  • Gray box – technique where the hacker has to use limited information to identify the strengths and weaknesses of a target’s security network.
  • White box – a method of testing the application at the level of the source code. These test cases are derived through the use of the design techniques mentioned above: control flow testing, data flow testing, branch testing, path testing, statement coverage and decision coverage as well as modified condition/decision coverage. White-box testing is the use of these techniques as guidelines to create an error-free environment by examining any fragile code.

[screenshot: scp]

Again, not clear on the definitions of these technologies for use as file transfer.

  • HTTPS – uses an easy and secure connection to their managed file transfer (MFT) platform to support browser-based transfers without having to install a web server. MFT is primarily a file transfer server, not a web server.
  • LDAPS – open, vendor-neutral, industry standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network. Directory services play an important role in developing intranet and Internet applications by allowing the sharing of information about users, systems, networks, services, and applications throughout the network.
  • SCP – (Linux, but can be installed on Windows) (secure copy) is a command-line utility that allows you to securely copy files and directories between two locations. With scp, you can copy a file or directory from your local system to a remote system using SSH.
  • SNMPv3 – Simple Network Management Protocol (SNMP) is an Internet Standard protocol for collecting and organizing information about managed devices on IP networks and for modifying that information to change device behavior. Devices that typically support SNMP include cable modems, routers, switches, servers, workstations, printers, and more. Used for network monitoring.

I still think HTTPS fits the bill however I may be missing something here.

[screenshot: san certificate]

I got this right but I wanted to go over the SAN name as it pertains to a certificate. The Subject Alternative Name field lets you specify additional host names (sites, IP addresses, common names, etc.) to be protected by a single SSL certificate, such as a Multi-Domain (SAN) or Extended Validation Multi-Domain certificate. So generally it extends to subdomains is how I’m understanding it.

[screenshot: automated defense]

Yep, going to need to hit those definitions.

  • NIPS – network-based intrusion prevention system (NIPS) is a system used to monitor a network as well as protect the confidentiality, integrity, and availability of a network. Its main functions include protecting the network from threats, such as denial of service (DoS) and unauthorized usage.
  • HIDS – A host-based intrusion detection system (HIDS) is an intrusion detection system that is capable of monitoring and analyzing the internals of a computing system as well as the network packets on its network interfaces, similar to the way a network-based intrusion detection system (NIDS) operates.
  • Web proxy – a proxy server is a server application or appliance that acts as an intermediary for requests from clients seeking resources from servers that provide those resources.
  • Elastic load balancer – I think we covered this one
  • NAC – Network access control, or NAC, solutions support network visibility and access management through policy enforcement on devices and users of corporate networks.

Kind of a toss up on the NIPS or HIDS based on what I’m understanding. NIPS it is!

[screenshot: forensics preservation]
[screenshot: forensics preservation pt 2]

The weighting process on this one is a bit confusing for me. There is the definition below and to be honest I’m well aware of what’s involved in forensics but, rabbit holes aside, it does seem like there should be some basic ideas on this.

It does match with this perfectly though so I’m good with it.

[screenshot: mdm software]

This seems like a question of definition too.

  • Virtual desktop infrastructure – defined as the hosting of desktop environments on a central server
  • WS-Security and geo-fencing – Geofencing is a service that triggers an action when a device enters a set location; WS-Security is a message-level standard that is based on securing SOAP messages through XML digital signature, confidentiality through XML encryption, and credential propagation through security tokens.
  • A hardware security module (HSM) – a physical computing device that safeguards and manages digital keys for strong authentication and provides cryptoprocessing
  • RFID tagging system – type of tracking system that uses smart barcodes in order to identify items. RFID is short for “radio frequency identification,” and as such, RFID tags utilize radio frequency technology. … An RFID tag may also be called an RFID chip.
  • MDM software – Mobile device management (MDM) is a type of security software used by an IT department to monitor, manage and secure employees’ mobile devices that are deployed across multiple mobile service providers and across multiple mobile operating systems being used in the organization.
  • Security Requirements Traceability Matrix (SRTM) – is a document that maps and traces user requirements with test cases. It captures all requirements proposed by the client and requirement traceability in a single document, delivered at the conclusion of the software development life cycle.

I guess MDM is the only thing that makes sense. I was thinking HSM also offered identification but that appears to be untrue.

[screenshot: website ports]

This is the stuff that really gets me as it gets super confusing. At least for me. DNS uses TCP Port 53 for zone transfers, for maintaining coherence between the DNS database and the server. The UDP protocol is used when a client sends a query to the DNS server. The TCP protocol should not be used for queries as it gives a lot of information, which is useful to attackers. Honestly, not super clear on why a zone transfer port would be helpful in this case but ok.

[screenshot: cell phone encryption]

No idea what type of encryption you would use on a cell phone so let's define these things.

  • Elliptic curve – a plane algebraic curve defined by an equation of the form. which is non-singular; that is, the curve has no cusps or self-intersections
  • one-time pad – an encryption technique that cannot be cracked, but requires the use of a one-time pre-shared key the same size as, or longer than, the message being sent.
  • 3DES – a cryptographic cipher. It is a symmetric key block cipher, meaning that the same key is used to encrypt and decrypt data in fixed-length groups of bits called blocks.
  • AES-256 – The Advanced Encryption Standard, also known by its original name Rijndael, is a specification for the encryption of electronic data established by the U.S. National Institute of Standards and Technology in 2001
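To make the one-time pad entry above concrete, here is an added example (not part of the original post) of a pad over bytes. It shows the two properties the definition hinges on: the key must be at least as long as the message, and it must never be reused, because XORing two ciphertexts that share a pad cancels the pad and leaves the XOR of the two plaintexts. All messages and keys below are constructed for illustration.

```python
"""Added example, not from the original post: a one-time pad over bytes.
All messages and keys used here are constructed for illustration."""
import secrets


def otp_keygen(length: int) -> bytes:
    """A fresh, uniformly random pad exactly as long as the message."""
    return secrets.token_bytes(length)


def otp_apply(key: bytes, data: bytes) -> bytes:
    """XOR each byte with the pad. XOR is its own inverse, so the same
    function encrypts and decrypts. A pad shorter than the message is
    refused: the security argument only holds byte-for-byte."""
    if len(key) < len(data):
        raise ValueError("one-time pad key must be at least as long as the message")
    return bytes(k ^ d for k, d in zip(key, data))


def pad_reuse_leak(ct1: bytes, ct2: bytes) -> bytes:
    """Why 'one-time' is not optional: if two messages share a pad, XORing the
    two ciphertexts cancels the pad and leaves p1 XOR p2, which is no longer
    random. Returned so a reader can compare it with the plaintexts."""
    return bytes(a ^ b for a, b in zip(ct1, ct2))


if __name__ == "__main__":
    msg = b"attack at dawn!!"          # constructed sample message
    key = otp_keygen(len(msg))
    ct = otp_apply(key, msg)
    assert otp_apply(key, ct) == msg
    print("ciphertext:", ct.hex())
```

`otp_keygen` uses `secrets` rather than `random` because the whole guarantee rests on the pad being unpredictable; a pad from a seeded PRNG is just a stream cipher with a short key.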

You know, out of the choices AES for sure makes the most sense.

[screenshot: access control types]

I’m not sure which of these uses data classification labels and to be honest, it must be that mandatory is the only one. I highly doubt that it's worth learning more than that.

[screenshot: wireless auth]

This is another type of question that worries me as you need to know every single thing about every type of encryption. Clearly the answer is PEAP for the authentication of the device to the auth server and then passing the user name and password. That's a very specific scenario based on how it works which leads me to believe that I basically need to know every thing about every auth type. I’m not going to stress too much about encryption because to be honest there are so many ways to encrypt things and to be honest they all seem kind of the same.

[screenshot: active-passive configuration]

Honestly, I have no idea what active/passive configuration is referring to so I guess we should start there. Appears to have something to do with failover clustering which makes sense with availability per this

[screenshot: war chalking]

What the fuck is war chalking? Honestly, I didn’t even think that was real. Warchalking is the drawing of symbols in public places to advertise an open Wi-Fi network. Inspired by hobo symbols, the warchalking marks were conceived by a group of friends in June 2002 and publicised by Matt Jones who designed the set of icons and produced a downloadable document containing them. lol, ok well now I know.

[screenshot: encrypted email]

Yeah, ok. I totally fucked this one up. Lots to learn here, apparently. Why I picked steganography, I have no clue. Ok so let's do a little reading. Ok, reading done and I appear to have added in ’email’ however so far I’ve learned nothing. However, this page is helpful but it doesn’t say anything about message integrity. I guess that’s what we are going with.

[screenshot: non-repudiation]

Well, in the previous question I learned that it means that it absolutely came from the source that it says it came from due to the use of encryption keys so that's really all I need to know about this one.

[screenshot: CASB]

Sometimes, in my opinion, the ideas surrounding cloud services get a little confusing. This seems like platform as a service to me but maybe that doesn't offer ‘back end environmental controls’. Seriously fucking, docker, azure. Done. A cloud access security broker (CASB) is an on-premises or cloud-based security policy enforcement point that is placed between cloud service consumers and cloud service providers to combine and interject enterprise security policies as cloud-based resources are accessed. THIS QUESTION SAYS NOTHING ABOUT SECURITY BUT OK.

Ok, I have 5 more questions to do out of the first lot of 100 to get through everything I had questions about and I may get to that tonight or I may not. Either way, obviously just starting on this but making really good progress. I think I kind of took it slow with Network+ but I did pass on the first try, luckily. Anyway, reached my initial goal of 15 questions on this post.

Security+ part 2

I guess I could do 10 sides in this one. Was trying to get 30 done tonight but not sure if I will get that far. I guess we will see haha. There is a ton of information to get through so this may take a while. 700 pretest questions, wow.

[screenshot: AES]

Honestly, encryption types are what will get me on this exam if I don't really nail them down. There are so many it's a little overwhelming but let's start with defining these and maybe the reason why the answer is what it is will be clear.

  • DES – The Data Encryption Standard is a symmetric-key algorithm for the encryption of electronic data. Its short key length of 56 bits, criticized from the beginning, makes it too insecure for most current applications.
  • AES – AES has been adopted by the U.S. government and is now used worldwide. It supersedes the Data Encryption Standard (DES), which was published in 1977. The algorithm described by AES is a symmetric-key algorithm, meaning the same key is used for both encrypting and decrypting the data.
  • MD5 – MD5 message-digest algorithm is a widely used hash function producing a 128-bit hash value. Although MD5 was initially designed to be used as a cryptographic hash function, it has been found to suffer from extensive vulnerabilities. It can still be used as a checksum to verify data integrity, but only against unintentional corruption. It remains suitable for other non-cryptographic purposes, for example for determining the partition for a particular key in a partitioned database.
  • WEP – Wired Equivalent Privacy (WEP) is a security protocol, specified in the IEEE Wireless Fidelity (Wi-Fi) standard, 802.11b, that is designed to provide a wireless local area network (WLAN) with a level of security and privacy comparable to what is usually expected of a wired LAN.

Again, it seems like I would use WEP but according to this AES is better as WEP is vulnerable; however it does say ‘most likely’.

[screenshot: data access]

Role based access is such an odd thing because it depends on the type of server the info is on. If it's on a Windows Server the access is a little different but let's go through what these are because to be honest I don't know shit about file access controls on anything but Windows servers.

  • MAC – Mandatory Access Control (MAC) is the strictest of all levels of control. The design of MAC was defined, and is primarily used by the government.
  • DAC – Discretionary Access Control (DAC) allows each user to control access to their own data
  • RBAC – Role Based Access Control AKA Non-discretionary Access Control, takes more of a real world approach to structuring access control. Access under RBAC is based on a user’s job function within the organization to which the computer system belongs.
  • ABAC – Attribute-based access control, also known as policy-based access control, defines an access control paradigm whereby access rights are granted to users through the use of policies which combine attributes together
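As an added example (not from the original post), here is the difference between the first three models in code: MAC compares a subject's clearance with the object's classification label (which is also why the "data classification labels" question in part 3 above has mandatory as its answer), RBAC looks up permissions by job role, and DAC defers to whatever the owner put in the ACL. The levels, roles, users and files are constructed for illustration; the MAC rules follow the Bell-LaPadula "no read up, no write down" pattern.

```python
"""Added example, not from the original post: MAC, RBAC and DAC checks side
by side. Every label, role, user and file here is constructed."""
from dataclasses import dataclass, field

# MAC: classification labels are ordered, and the system (not the owner)
# decides by comparing the subject's clearance against the object's label.
LEVELS = {"public": 0, "internal": 1, "confidential": 2, "secret": 3}


@dataclass
class Subject:
    name: str
    clearance: str                          # MAC attribute
    roles: set = field(default_factory=set)  # RBAC attribute


@dataclass
class Resource:
    name: str
    label: str                              # MAC classification label
    owner: str                              # DAC attribute


def mac_can_read(subject: Subject, resource: Resource) -> bool:
    """No read up: clearance must be at or above the label."""
    return LEVELS[subject.clearance] >= LEVELS[resource.label]


def mac_can_write(subject: Subject, resource: Resource) -> bool:
    """No write down: a subject may only write at or above its own level,
    so secret data cannot be copied into a public file."""
    return LEVELS[subject.clearance] <= LEVELS[resource.label]


# RBAC: permissions hang off job functions, never off individual people.
ROLE_PERMISSIONS = {
    "hr_analyst": {"read:payroll"},
    "hr_manager": {"read:payroll", "write:payroll"},
    "auditor": {"read:payroll", "read:logs"},
}


def rbac_allowed(subject: Subject, permission: str) -> bool:
    return any(permission in ROLE_PERMISSIONS.get(r, set()) for r in subject.roles)


# DAC for contrast: the owner grants access to whoever they like.
DAC_ACL = {"notes.txt": {"bob": {"read"}}}   # constructed owner-managed ACL


def dac_allowed(subject: Subject, resource: Resource, action: str) -> bool:
    if subject.name == resource.owner:
        return True
    return action in DAC_ACL.get(resource.name, {}).get(subject.name, set())


if __name__ == "__main__":
    alice = Subject("alice", "confidential", {"hr_analyst"})
    payroll = Resource("payroll.csv", "confidential", "hr")
    print("MAC read:", mac_can_read(alice, payroll))
    print("RBAC write:", rbac_allowed(alice, "write:payroll"))
```

The point of the contrast: in MAC the label travels with the data and the owner cannot override it; in DAC the owner can hand out access at will, which is why DAC is the weaker model for classified material.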

Honestly, this is similar conceptually and I kind of understand it rather than taking a blind guess.

[screenshot: steganography]

There are two steganography questions on here and I understand it conceptually but man, unclear, unclear. Anyway, I’m assuming visually it appears the same and they now suspect that there is data in the image? I mean, after understanding steganography I’m not sure what else they could be talking about.

[screenshot: esp integrity]

For starters, I’m not sure what IPSec that provides ESP with integrity protection is. So that could be a good place to start.

ESP = An Encapsulating Security Payload (ESP) is a protocol within the IPSec for providing authentication, integrity and confidentiality of network packet data/payload in IPv4 and IPv6 networks. ESP provides message/payload encryption and the authentication of a payload and its origin within the IPSec protocol suite.

That sounds like it has integrity protection. The thing is, somehow this protocol is a question?? Man this is confusing. Anyway, let's go through these answers.

  • HMAC – In cryptography, an HMAC (sometimes expanded as either keyed-hash message authentication code or hash-based message authentication code) is a specific type of message authentication code (MAC) involving a cryptographic hash function and a secret cryptographic key.
  • PCBC – Plaintext Cipher Block Chaining
  • CBC – Cipher block chaining (CBC) is a mode of operation for a block cipher (one in which a sequence of bits are encrypted as a single unit or block with a cipher key applied to the entire block). Cipher block chaining uses what is known as an initialization vector (IV) of a certain length.
  • GCM – Galois/Counter Mode (GCM) is a mode of operation for symmetric-key cryptographic block ciphers widely adopted thanks to its performance.
  • CFB – Cipher Feedback (CFB) mode, a close relative of CBC, makes a block cipher into a self-synchronizing stream cipher. Operation is very similar; in particular, CFB decryption is almost identical to CBC encryption performed in reverse.
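An added example, not from the original post, of why HMAC is the integrity answer here: ESP appends an Integrity Check Value (ICV) to each packet, computed as a keyed HMAC over the sequence number and the encrypted payload, and the receiver recomputes it with the shared key before trusting anything. CBC, CFB and PCBC on their own only give confidentiality (GCM is the one mode in the list that bundles integrity with encryption). The key and payload are constructed; the payload stands in for an already-encrypted ESP body, and the 96-bit truncation of the HMAC is this example's choice.

```python
"""Added example, not from the original post: an ESP-style packet with an
HMAC-based ICV, next to an unkeyed digest that gives no real integrity.
Keys and payloads are constructed for illustration."""
import hashlib
import hmac
import struct
from typing import Optional

ICV_LEN = 12  # IPsec truncates the HMAC output to form the ICV; 96 bits here
SEQ_LEN = 4   # 32-bit sequence number, as in the ESP header


def esp_protect(key: bytes, seq: int, encrypted_payload: bytes) -> bytes:
    """Encrypt-then-MAC layout: seq || payload || ICV. The ICV covers both
    the sequence number (anti-replay) and the payload."""
    header = struct.pack("!I", seq)
    icv = hmac.new(key, header + encrypted_payload, hashlib.sha256).digest()[:ICV_LEN]
    return header + encrypted_payload + icv


def esp_verify(key: bytes, packet: bytes) -> Optional[bytes]:
    """Recompute the ICV and compare in constant time. Returns the payload, or
    None if anything under the ICV was changed or the key is wrong."""
    if len(packet) < SEQ_LEN + ICV_LEN:
        return None
    body, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected):
        return None
    return body[SEQ_LEN:]


# Contrast: a plain (unkeyed) hash in the ICV slot. This catches accidental
# corruption only, because whoever changes the body can recompute the hash.
def plain_hash_protect(seq: int, encrypted_payload: bytes) -> bytes:
    body = struct.pack("!I", seq) + encrypted_payload
    return body + hashlib.sha256(body).digest()


def plain_hash_verify(packet: bytes) -> Optional[bytes]:
    body, digest = packet[:-32], packet[-32:]
    if hashlib.sha256(body).digest() != digest:
        return None
    return body[SEQ_LEN:]


def rehash_after_change(packet: bytes, index: int) -> bytes:
    """Flip one bit of the body and recompute the unkeyed digest. No secret
    is needed, which is exactly the weakness an HMAC closes."""
    body = bytearray(packet[:-32])
    body[index] ^= 0x01
    return bytes(body) + hashlib.sha256(bytes(body)).digest()


if __name__ == "__main__":
    key = b"\x11" * 32                     # constructed shared key
    pkt = esp_protect(key, 7, b"ciphertext-bytes")
    print("HMAC ICV verifies:", esp_verify(key, pkt) is not None)
    damaged = bytearray(pkt)
    damaged[SEQ_LEN] ^= 0x01
    print("after bit flip:", esp_verify(key, bytes(damaged)))
```

Note the use of `hmac.compare_digest` rather than `==`: a byte-by-byte comparison that stops at the first mismatch leaks timing information about how much of the ICV was correct.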

So this is a bunch of weird block chain stuff and one cryptography answer that I'm assuming is the second part of the ESP solution? That’s what I’m going with.

[screenshot: load balancer]

I know about load balancers but the types of load balancers I’m not super sure on. I guess we can go through those.

  • Round-robin – rotates servers by directing traffic to the first available server and then moves that server to the bottom of the queue. Most useful when servers are of equal specification and there are not many persistent connections.
  • weighted – This method uses the response information from a server health check to determine the server that is responding fastest at a particular time. The next server access request is then sent to that server. This ensures that any servers that are under heavy load, and which will respond more slowly, are not sent new requests. This allows the load to even out on the available server pool over time.
  • Least connection – Directs traffic to the server with the fewest active connections. Most useful when there are a large number of persistent connections in the traffic unevenly distributed between the servers.
  • Locality-based – Weight assignments across different zones and geographical locations is by using explicit weights supplied via EDS in the Locality Endpoints message. This approach is mutually exclusive with zone aware routing, since in the case of locality aware LB, we rely on the management server to provide the locality weighting, rather than the Envoy-side heuristics used in zone aware routing.
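An added example, not from the original post, with each of the four selection strategies above as a small class with a `pick()` method. Server names, latencies and zones are constructed for illustration. The "weighted" class follows the health-check/fastest-response variant described in the list, and the locality class follows only the idea in the Envoy description (prefer the client's own zone, spill over to the others when it has no healthy server) without any of Envoy's actual machinery.

```python
"""Added example, not from the original post: round-robin, fastest-response,
least-connections and locality-aware server selection. All servers, zones
and latencies are constructed."""
from collections import defaultdict, deque
from typing import Dict, List


class RoundRobin:
    """Cycle through the pool in order; best when servers are equal."""
    def __init__(self, servers: List[str]) -> None:
        self._ring = deque(servers)

    def pick(self) -> str:
        server = self._ring[0]
        self._ring.rotate(-1)        # move it to the back of the queue
        return server


class FastestResponse:
    """The 'weighted' variant above: the latest health-check latency decides.
    Unmeasured servers count as 0 ms so new members get tried."""
    def __init__(self, servers: List[str]) -> None:
        self.latency_ms: Dict[str, float] = {s: 0.0 for s in servers}

    def report(self, server: str, latency_ms: float) -> None:
        self.latency_ms[server] = latency_ms

    def pick(self) -> str:
        return min(self.latency_ms, key=self.latency_ms.get)


class LeastConnections:
    """Send to the server with the fewest active connections; the caller
    reports open/close so the counts stay accurate."""
    def __init__(self, servers: List[str]) -> None:
        self.active: Dict[str, int] = {s: 0 for s in servers}

    def pick(self) -> str:
        return min(self.active, key=self.active.get)   # ties: first listed

    def opened(self, server: str) -> None:
        self.active[server] += 1

    def closed(self, server: str) -> None:
        self.active[server] -= 1


class LocalityAware:
    """Prefer healthy servers in the client's zone; otherwise spill over to
    every other zone. Rotation is tracked per client zone."""
    def __init__(self, zones: Dict[str, List[str]]) -> None:
        self.zones = zones
        self.down: set = set()
        self._counter: Dict[str, int] = defaultdict(int)

    def mark_down(self, server: str) -> None:
        self.down.add(server)

    def mark_up(self, server: str) -> None:
        self.down.discard(server)

    def _healthy(self, zone: str) -> List[str]:
        return [s for s in self.zones.get(zone, []) if s not in self.down]

    def pick(self, client_zone: str) -> str:
        pool = self._healthy(client_zone)
        if not pool:   # local zone empty or all down: fall back to the rest
            pool = [s for z in self.zones if z != client_zone for s in self._healthy(z)]
        if not pool:
            raise RuntimeError("no healthy backends in any zone")
        idx = self._counter[client_zone]
        self._counter[client_zone] += 1
        return pool[idx % len(pool)]


if __name__ == "__main__":
    la = LocalityAware({"us-east": ["e1", "e2"], "eu-west": ["w1"]})
    print([la.pick("eu-west") for _ in range(2)])
    la.mark_down("w1")
    print("eu-west after w1 down ->", la.pick("eu-west"))
```

The availability angle the question is getting at sits in `LocalityAware.pick`: a zone outage does not take the service down, because requests from that zone are quietly served from the others.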

That last one, which is the answer, seems a little bit extra but it does say that they could be in different areas so I guess I can see that. It also took a long time to find a definition for it even though it seems obvious, which would indicate it's not used much. This is a bullshit question. Typically a load balancer serves a set of machines sitting in one physical location. This starts to get into some really complicated stuff because if you are serving from the data center that's where the load balancer is, why not use those?

Anyway, that's all for now. I got about 1/3 of the amount of research done that I was hoping to get done tonight but that’s ok. My brain is tired and I couldn’t make it to 10 questions in this post. I'll get back on it tomorrow and hopefully get another 1/3 or so done.

Security+ part 1

I’ve passed my Network+ test, finally. On the first try though. I suppose that I could have worked a little faster but whatever, I got it done. Moving on to Security+. I went through the first 100 of about 700 test prep (wow…) questions last night and found that, so far, I’m not terribly off base with what I need to know but I did find about 30 questions that I wanted to research a little more so let's get into that!

I knew the answer here and to be honest I can't exactly explain why other than ‘it didn’t look like the other ones’ and the get and change portions set off some flags. Anyway, let's define the other stuff in the post.

  • Command injection – Command injection is an attack in which the goal is execution of arbitrary commands on the host operating system via a vulnerable application. Command injection attacks are possible when an application passes unsafe user supplied data (forms, cookies, HTTP headers etc.) to a system shell. In this attack, the attacker-supplied operating system commands are usually executed with the privileges of the vulnerable application. Command injection attacks are possible largely due to insufficient input validation.
  • Password attack – An attack in which repetitive attempts are made to duplicate a valid logon or password sequence.
  • Buffer overflow – causes some of that data to leak out into other buffers, which can corrupt or overwrite whatever data they were holding.
  • Cross-site scripting – a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user within the output it generates without validating or encoding it.
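The "get process" case from the question, as an added example (not from the original post): a vulnerable command builder next to a hardened one. The vulnerable version glues the username into a string that a shell will parse, so shell metacharacters in the input become extra commands; the hardened version validates the username against an allow-list and passes argv as a list, so no shell is ever involved. The usernames and the helper that mimics shell word-splitting are constructed for illustration, and nothing here executes the unsafe string.

```python
"""Added example, not from the original post: command injection in a
'list this user's processes' helper, and the fix. All inputs are constructed."""
import re
import shlex
import subprocess
from typing import List

# Allow-list for a Linux account name; anything else is rejected outright.
USERNAME_RE = re.compile(r"^[a-z_][a-z0-9_-]{0,31}$")


def build_command_unsafe(username: str) -> str:
    """Vulnerable pattern: user input inside a string handed to a shell
    (for example via shell=True or os.system). The shell, not ps, decides
    what the input means."""
    return f"ps -u {username}"


def build_argv_safe(username: str) -> List[str]:
    """Hardened pattern: validate the input, then pass argv as a list so the
    OS starts 'ps' directly and no shell ever interprets the username."""
    if not USERNAME_RE.fullmatch(username):
        raise ValueError(f"rejected username: {username!r}")
    return ["ps", "-u", username]


def shell_would_run(command: str) -> List[List[str]]:
    """Approximate how a POSIX shell splits a command line: words, cut into
    separate commands at ';', '&', '&&', '|' and '||'. Diagnostic only; it
    shows what the unsafe builder hands over and executes nothing."""
    lexer = shlex.shlex(command, posix=True, punctuation_chars=True)
    commands: List[List[str]] = [[]]
    for token in lexer:
        if token and all(ch in ";&|" for ch in token):
            commands.append([])          # a new command starts here
        else:
            commands[-1].append(token)
    return [c for c in commands if c]


def list_processes(username: str) -> subprocess.CompletedProcess:
    """The hardened call as it would actually be used: no shell=True."""
    return subprocess.run(build_argv_safe(username),
                          capture_output=True, text=True, check=False)


if __name__ == "__main__":
    good = "alice"
    bad = "alice; id"                     # constructed malicious input
    print("unsafe ->", shell_would_run(build_command_unsafe(bad)))
    print("safe   ->", build_argv_safe(good))
    try:
        build_argv_safe(bad)
    except ValueError as exc:
        print("safe rejects:", exc)
```

Both halves of the fix matter: the argv list alone already stops the shell from splitting the input, and the allow-list additionally keeps `ps` from ever seeing an argument that starts with `-`, which would otherwise be parsed as an option.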

So a get process command sent to a Linux box is for sure an example of command injection.

This question, I got wrong, but the point being I honestly don’t really know how that string of things fits together. Which is ironic, given that the answer is that whoever implemented the solution didn’t know how to make all those things work together either. Let's start with defining those things.

  • TLS – Transport Layer Security (TLS), and its now-deprecated predecessor, Secure Sockets Layer (SSL), are cryptographic protocols designed to provide communications security over a computer network. Several versions of the protocols find widespread use in applications such as web browsing, email, instant messaging, and voice over IP (VoIP). Websites can use TLS to secure all communications between their servers and web browsers.
  • AES-GCM-256 – The cipher AES-256 is used among other places in SSL/TLS across the Internet. It’s considered among the top ciphers. In theory it’s not crackable since the combinations of keys are massive. Although NSA has categorized this in Suite B, they have also recommended using higher than 128-bit keys for encryption
  • SHA-384 – SHA-256 and SHA-512 are novel hash functions computed with 32-bit and 64-bit words, respectively. They use different shift amounts and additive constants, but their structures are otherwise virtually identical, differing only in the number of rounds. SHA-224 and SHA-384 are truncated versions of SHA-256 and SHA-512 respectively.
  • ECDSA – a cryptographic algorithm used by Bitcoin to ensure that funds can only be spent by their rightful owners.

The unauthenticated encryption method is kind of a mystery to me. Do they mean it's lacking a PKI or like it's not an ‘official’ encryption standard? Regardless, D does make more sense.

This is also confusing, why wouldn’t you run nmap on the IP range? Is that not considered a vulnerability assessment? To me it seems like the same thing but ok, Grey-box pentest and it's grey box since we have IP addresses.

I have no idea what PGP has to do with secure email and to be honest, I doubt the internet is going to help me with this one but let's find out!

Welp, that was easy, PGP

Personally, I find this a bit odd but given that I was genuinely uneducated on the last question, this could be the case here too. As to where to find these definitions, who knows but lets see what we can do.

Honestly, all I’m finding are generic psychological answers that I’m not sure are super helpful given that ‘social proof’ means that you simply restate what someone else said to you.

That’s all for now! I tried a new way of posting as Photobucket isn’t cooperating tonight. Normally I dump images into Photobucket, edit the post in an HTML editor and then copy and paste the code into WordPress but I'm currently giving their block editor a go and putting the images directly onto the site.
