15 Security questions I had to research

It’s Wednesday, currently, it may not be by the time this is done. In fact I’m almost certain that it will be after midnight. I would be shocked if I got all this done in 55 mins. Anyway, what did you guys think about The Shadow and Tom Waits? Super cool stuff right. Totally something that like Jack White would be into right lol. Anyway. Moving forward. The Deftones are pretty cool. Man, they sure have been a band for a while. Did you guys ever hear that White Pony album? Here, I’ll hum a few bars from one of the tracks:

For some reason, that weirdly reminds me of my last relationship. Wow, was that too personal? Ultimately, I feel like I would be cheating myself if I didn’t get slightly personal lol

Hey you guys see that new Slipknot? Damn that shit is hard.

Anyway… I guess we could get into some actual work and learning instead of being generic and attempting to sk8 to prove we are cool

 photo 1_zpsquikonw9.png

You know, this is uha, as previously noted these can be tricky so let’s go through the definitions.

  • SHA1 – typically rendered as a hexadecimal number, 40 digits long. It was designed by the United States National Security Agency, and is a U.S. Federal Information Processing Standard.
  • RIPEMD – a family of cryptographic hash functions developed in 1992 (the original RIPEMD) and 1996 (other variants). There are five functions in the family: RIPEMD, RIPEMD-128, RIPEMD-160, RIPEMD-256, and RIPEMD-320, of which RIPEMD-160 is the most common.
  • The original RIPEMD, as well as RIPEMD-128, is not considered secure because 128-bit result is too small and also (for the original RIPEMD) because of design weaknesses. The 256- and 320-bit versions of RIPEMD provide the same level of security as RIPEMD-128 and RIPEMD-160, respectively; they are designed for applications where the security level is sufficient but longer hash result is necessary.
  • While RIPEMD functions are less popular than SHA-1 and SHA-2, they are used, among others, in Bitcoin and other cryptocurrencies based on Bitcoin.
  • MD5 – it has been found to suffer from extensive vulnerabilities.
  • DES – Data Encryption Standard is a symmetric-key algorithm for the encryption of digital data. Although its short key length of 56 bits (criticized from the beginning) makes it too insecure for most current applications, it has been highly influential in the advancement of modern cryptography.

Lots of options but per Wikipedia MD5 is terrible.

 photo 4_zpsetjwjykr.png

I can’t figure this one out. Are they saying the traffic is dropping at the 192.168 address? There are some things going on here that I’m not clear on. Honestly I would have to run a tracert to figure this out. The internet isn’t going to be helpful and I have no idea what the hell kind of information that is.

 photo 2_zpsjbigwwrt.png

I got this right but it was kind of an obvious guess. I have no idea what an AAA system is and I wanted to figure out what that is. AAA refers to Authentication, Authorization and Accounting. It is used to refer to a family of protocols that mediate network access. Two network protocols providing this functionality are particularly popular: the RADIUS protocol, and its newer Diameter counterpart.

Well, I guess I didn’t really need to know that but it’s good to find out those sorts of things I suppose?

 photo 5_zpselrr8tfr.png

I’m not sure what an IGAP packet is or where it’s getting that. It’s clear that it’s sending a packet and that there is an issue with it though. IGMP is an integral part of IP multicast, so I think it’s safe to assume it’s a multicast packet but the other part of this is IGAP packets are part of IGMP which is the indicator that it’s not a TCP.

Wow, I can actually figure out some of this stuff and maybe I’ll get a cert out of this. Awesome haha, only time will tell.

 photo 3_zpseqzk8d4m.png

LOL, I totally forgot what these are and took a guess again. Humm, I just put on this show about people using computers and it’s somehow more helpful in my level of focus than watching other shows haha

  • ROI – Return on investment
  • ARO – Annualized Rate of Occurrence
  • ALE – Annualized loss expectancy
  • MTBF – Mean time between failures
  • MTTF – Mean time to failure
  • TCO – Total cost of ownership

Single Loss Expectancy (SLE) – the dollar amount of what it would cost to replace the device if it malfunctioned or was lost, damaged or stolen.

SLE x ARO = ALE

  • ALE = Annual Loss Expectancy in dollars
  • ARO = Annual Rate of Occurrence

 photo 4_zpsvfzvp3eb.png

Clearly I got this one totally wrong. I’m not sure what CSRF is and apparently how XSS works. Personally, I think of it like pivoting which may be wrong. It seems like you have to be authenticated to something though doesn’t it? Or at least connected.

Anyway, let’s get a look at what CSRF is. Cross-site request forgery, also known as one-click attack or session riding and abbreviated as CSRF (sometimes pronounced sea-surf) or XSRF, is a type of malicious exploit of a website where unauthorized commands are transmitted from a user that the web application trusts. There are many ways in which a malicious website can transmit such commands; specially-crafted image tags, hidden forms, and JavaScript XMLHttpRequests, for example, can all work without the user’s interaction or even knowledge. Unlike cross-site scripting (XSS), which exploits the trust a user has for a particular site, CSRF exploits the trust that a site has in a user’s browser. So it’s basically the same thing but it does use a trusted connection. Honestly, that makes it cut and dry but I’m still confused about running java on a web app you’re not connected to? You know, this type of specific terminology gets really hazy, every time. There are specific ideas that people have behind it but as already noted in another question there isn’t much point to nailing down brass tacks on this if it works and it’s loosely within an idea. The crazy thing is that music genres work the same way.
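An added example (not from the original post or from any real framework) of the point in the definition above: the browser attaches the session cookie to a cross-site request automatically, so the server has to check a second value that the other site cannot read. The `Server` class, the transfer action and the token scheme (an HMAC of the session ID) are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


class Server:
    """Toy web app with one state-changing action (a transfer)."""

    def __init__(self):
        self.secret = secrets.token_bytes(32)  # server-side key, never sent to the browser
        self.sessions = {}                     # session id -> username
        self.transfers = []                    # actions that were actually executed

    def login(self, user):
        sid = secrets.token_hex(16)
        self.sessions[sid] = user
        return sid                             # the browser stores this as a cookie

    def csrf_token(self, sid):
        # Token bound to the session. The site embeds it in the forms it serves;
        # a page on another origin cannot read those forms.
        return hmac.new(self.secret, sid.encode(), hashlib.sha256).hexdigest()

    def transfer_unprotected(self, cookie_sid, to, amount):
        # Trusts the cookie alone, so any request the browser sends is accepted.
        user = self.sessions.get(cookie_sid)
        if user is None:
            return False
        self.transfers.append((user, to, amount))
        return True

    def transfer_protected(self, cookie_sid, form_token, to, amount):
        # Requires the cookie AND the per-session token from the site's own form.
        user = self.sessions.get(cookie_sid)
        if user is None or form_token is None:
            return False
        expected = self.csrf_token(cookie_sid)
        if not hmac.compare_digest(expected, form_token):
            return False
        self.transfers.append((user, to, amount))
        return True


def demo():
    server = Server()
    cookie = server.login("alice")  # alice is logged in; her browser holds the cookie

    # Request from the site's own form: cookie plus the embedded token.
    legit = server.transfer_protected(cookie, server.csrf_token(cookie), "bob", 10)

    # Request triggered by another site: the cookie rides along, the token does not.
    forged_unprotected = server.transfer_unprotected(cookie, "mallory", 500)
    forged_no_token = server.transfer_protected(cookie, None, "mallory", 500)
    forged_guessed = server.transfer_protected(cookie, "0" * 64, "mallory", 500)

    return {
        "legit_with_token": legit,
        "forged_unprotected": forged_unprotected,
        "forged_no_token": forged_no_token,
        "forged_guessed_token": forged_guessed,
    }


if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name}: {'accepted' if accepted else 'rejected'}")
```

The forged request never needs to run code inside the target site; it only needs the victim's browser to be logged in, which is the difference from XSS.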

 photo 2_zps19rqjsxp.png

lol what the hell is this and why would you use a single tier solution that’s completely internal. I can understand having a DC that replicates but having one internal point of failure seems less than ideal.

 photo 3_zpsnju1crdr.png

Input validation on an FTP site would amount to fuzzing which is not what they are talking about. It says transferring or transport protection. Not generic breaking and entering haha but ok though. I mean, you’re not fooling me with this FTP site shit, it’s a storage server.

 photo 1_zps7krr5bp4.png

I think I got this wrong because I don’t know what IAM is so I guess I should figure out what that is. Identity management, also known as identity and access management, is a framework of policies and technologies for ensuring that the proper people in an enterprise have the appropriate access to technology resources. IdM systems fall under the overarching umbrellas of IT security and Data Management.

There is no information about RADIUS that I can find quickly so I’m just going with it.

 photo 5_zpsaqgo7zsz.png

I should have known this one but anyway, here is a link on EAP-TLS certs

 photo 4_zpscquesslj.png

I actually looked this one up at the time and as previously noted MD5 is not great and AES was the correct answer.

 photo 1_zps1askmep8.png

This is so crazy, it selects a color and then mixes the two colors and that’s the key. Interesting, Diffie-Hellman key exchange

lol sick

 photo 2_zpsh7yzompe.png

This isn’t wrong but both of these are right given that there are thousands or hundreds of thousands of companies that manufacture IoT devices proving that they are all falling under one umbrella is kind of tough…

 photo 3_zpsxmpsxfuw.png

I’m not really sure why I put this here given that I got it right but there are a lot of factors and I feel it’s cut and dry.

 photo 5_zpsi5apfcc6.png

This one seems opinion based; changing the length would also be a good idea. That was my first answer.

All right, that’s all for now. I got a new phone yesterday and I might set it up before going to bed to let everything sync. Who knows, wild adventure. I was waiting till a case I ordered came up but I’m not sure I really want to wait haha

Tom Waits! The Shadow! Incorrect Answers! All this and more!

Alright, about halfway through. The first time. As you know it takes me more than one go around and then I seem to pass real sketchy and right on the money like but that’s ok. If you can read this put 2 dollars into my paypal, it’s Nickrbarnes@gmail.com, thanks for your contributions. This is independently maintained and it’s a vital part of my existence so thanks for not reading it future employers. Please contact me via my text message. Thank you. Is this making any sense? I didn’t think so. I haven’t really been too personal lately and there’s sometimes a guy, that comes along and does this thing. Some folks call him Bob Dylan other folks call him Tom Waits. Personally, I’m pretty sure he’s the drummer for Megadeth but the world may never know without extensive research into the modern principles of why people buy watches with diamonds on them as if accurate time keeping was ever a reason to spend 50k on a watch especially given that literally if you don’t have a cell phone what are you even doing. Unless you’re poor then I will DM you 5 dollars from my cash app for the troubles of insulting your given level of poverty. I live with my aunt for reasons but mostly it’s on account of the cost and convenience.

Anyway for all you songsters out there that are not reading this here is a song, it’s about driving a truck but it’s a ghost truck. You want to talk about shocking and spooky, to be honest it’s too much to even photograph something like that. Did you know if you take a photo of a Loch Ness monster you turn into a rat guy right away and that’s not even a good thing at all.

 photo 3_zpsbmjujbf0.png

I’m not really sure what “HA in a web application server” is. I took a stab at it and wasn’t terribly far off but let’s start with

OK, properly designing high-availability (HA) web applications on the cloud is a difficult task due to the overwhelming number of components and failure scenarios that can arise. In the real world, there is a large variance between deployments because virtually every web application has its own set of requirements.

So that’s pretty clear. You know, I should have figured that one out but I don’t think I did. The ALF for DDOS curbing and a load balancer makes sense. Reverse proxy servers do not.

 photo 4_zpsb4bfhlh3.png

You know, upon re-reading the question what they are getting at is that people that work on “the firewall team” can implement vulnerabilities without having to have them approved by management. And you know, I’ll be honest here, that is troublesome. Or even worse, they could break currently working infrastructure.

 photo 5_zps5vyccjql.png

Realizing what rhosts is, I’m not really sure why I picked that one. To be honest, knowing what TTY is and without a long line of syntax I’m not sure that really makes sense either

Humm… is this right? me thinks no..

 photo 1_zpskmlzvr0h.png

This is for sure a coding question that is over my head. I’m not sure of the difference. I can tell you that planning and learning for expected test questions works much better than randomly doing weird shit to be attention seeking though. Wait, that’s not what this was about. What this is about is an abstraction of a concept that doesn’t have a hard definition to begin with. Basically this is some bull shit, you can XSS with Java and Java is not a machine language, as I understand it. To be honest, my answer is correct.

 photo 2_zps4l4w7mcj.png

This one is a little tougher as it was my assumption that 802.1x was done on the router and what they are describing is not on a router. And wow was I wrong.

Overview of 802.1x Authentication

802.1x authentication consists of three components:

  • The supplicant, or client, is the device attempting to gain access to the network. You can configure the Aruba user-centric network to support 802.1x authentication for wired users as well as wireless users.
  • The authenticator is the gatekeeper to the network and permits or denies access to the supplicants.
  • The Aruba controller acts as the authenticator, relaying information between the authentication server and supplicant. The EAP type must be consistent between the authentication server and supplicant and is transparent to the controller.

The authentication server provides a database of information required for authentication and informs the authenticator to deny or permit access to the supplicant.

The 802.1x authentication server is typically an EAP-compliant Remote Access Dial-In User Service (RADIUS) server which can authenticate either users (through passwords or certificates) or the client computer.

An example of an 802.1x authentication server is the Internet Authentication Service (IAS) in Windows (see http://technet.microsoft.com/en-us/library/cc759077(WS.10).aspx).

In Aruba user-centric networks, you can terminate the 802.1x authentication on the controller. The controller passes user authentication to its internal database or to a “backend” non-802.1x server. This feature, also called “AAA FastConnect,” is useful for deployments where an 802.1x EAP-compliant RADIUS server is not available or required for authentication.

So that’s pretty straightforward and makes it quite plain that I did not understand 802.1x

 photo 4_zpsrrs5maip.png

This one I just fucked up and it’s probably a good idea to cover the definitions again

  • Botnet – a number of Internet-connected devices, each of which is running one or more bots. Botnets can be used to perform distributed denial-of-service attacks (DDoS attacks), steal data, send spam, and allow the attacker to access the device and its connection.
  • Ransomware – type of malware from cryptovirology that threatens to publish the victim’s data or perpetually block access to it unless a ransom is paid. While some simple ransomware may lock the system in a way which is not difficult for a knowledgeable person to reverse, more advanced malware uses a technique called cryptoviral extortion, in which it encrypts the victim’s files, making them inaccessible, and demands a ransom payment to decrypt them.
  • Polymorphic malware – a type of malware that constantly changes its identifiable features in order to evade detection. Many of the common forms of malware can be polymorphic, including viruses, worms, bots, trojans, or keyloggers.
  • Armored virus – A type of virus that has been designed to thwart attempts by analysts from examining its code by using various methods to make tracing, disassembling and reverse engineering more difficult. An Armored Virus may also protect itself from antivirus programs, making it more difficult to trace.

Yeah that’s for sure describing a botnet.

 photo 2_zpstlwxp2dj.png

This is another one of those questions where I want to say “that’s really tough” but honestly a little more basic info should clear this one up… lol and the Wikipedia pages for these say nothing about use or computation times. Which is totally fine given that you know sometimes experience makes things like this more clear and we have to take the answer at face value.

 photo 1_zpsmr68brvx.png

WPA2 does not use TLS being the key factor in this case.

 photo 5_zpssp7cczq2.png

The thing about this is that dropping an OS revision is absolutely an indicator of banner grabbing however I’m not sure if that’s client or host and there is a connection attempting to be made here. That said I don’t know why the host would drop info on the OS and the PC does appear to be at root which makes the pivot option seem a bit odd without further information but you are on one machine trying to connect to another.

 photo 3_zpsb22ht2n8.png

This was a thing I learned and then remembered PII data is confidential. Note taken.

I had hoped to get 10-15 more questions done tonight but I think that’s all. More to come tomorrow and in the following days. I’m sure you’re super excited to tune in!

More Security+, shocking!

Still going on Security, obviously, however getting back to the previous posts. I found some networking stuff that I thought was helpful. I went through several videos and this one, while long, is a really good baseline. I’m still slightly confused as to why they set up subnets when defining the IP but I’m sure eventually I’ll catch on to how that’s possibly transmitted with the packet.

So if you want some network info that’s a good spot to start, for the uha firewall situation. Anyway, still unclear about the subnet? Is that indicating anything in that range? I think that’s a safe assumption.

Anyway, let’s start into the next set of questions.

Honestly, either of these work and it might be a good idea to do literally any or all of these things however B and D are fairly similar. Anyway, this one is kind of subjective but the thing is I’m kind of wondering what SCADA is exactly. I should probably know this and I’m not too proud to admit that I don’t. SCADA is an acronym for supervisory control and data acquisition, a computer system for gathering and analyzing real time data. SCADA systems are used to monitor and control a plant or equipment in industries such as telecommunications, water and waste control, energy, oil and gas refining and transportation. OK, that’s not that weird that I didn’t know what that was and I can’t promise that I will remember it 6 months from now when it hasn’t come up again in my normal existence.

 photo The-Moody-Blues_zpsoni9ue2u.jpg

Unrelated but that’s the Moody Blues. yeah,

 photo 4_zps0talojqh.png

To be honest, this is another one that I probably didn’t need to blog but is one of the millions of testable variables on this test. Terminal Access Controller Access-Control System Plus (TACACS+) is a protocol developed by Cisco and released as an open standard beginning in 1993. Although derived from TACACS, TACACS+ is a separate protocol that handles authentication, authorization, and accounting (AAA) services. TACACS+ has largely replaced its predecessors.

This isn’t on the wiki page so good luck to me with spending hours researching one obscure question for what amounts to a baseline exam.

 photo 2_zpsaqmtes1i.png

Ok this one is legit, BYOD is the only thing I know what it is and I’m betting VDI (virtual desktop infrastructure?) and COPE are bull shit but let’s find out.

  • VDI – Virtual desktop infrastructure
  • COPE – Company Owned/Personally Enabled (device)
  • CYOD – Choose Your Own Device

Ok this is kind of some bull shit but BYOD is for sure not the right answer.

 photo 5_zpslggf37lc.png

I have no idea what an xmas attack is but I thought it sounded cool so let’s take a look at these things.

  • MAC Spoofing – MAC spoofing is a technique for changing a factory-assigned Media Access Control (MAC) address of a network interface on a networked device. The MAC address that is hard-coded on a network interface controller (NIC) cannot be changed. However, many drivers allow the MAC address to be changed (use a VM?)
  • Pharming – a cyber attack intended to redirect a website’s traffic to another, fake site. Pharming can be conducted either by changing the hosts file on a victim’s computer or by exploitation of a vulnerability in DNS server software.
  • Xmas attack – Christmas Tree Attack is a very well known attack that is designed to send a very specifically crafted TCP packet to a device on the network. This crafting of the packet is one that turns on a bunch of flags. There is some space set up in the TCP header, called flags.
  • ARP poisoning – a technique by which an attacker sends (spoofed) Address Resolution Protocol (ARP) messages onto a local area network. Generally, the aim is to associate the attacker’s MAC address with the IP address of another host, such as the default gateway, causing any traffic meant for that IP address to be sent to the attacker instead.
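An added example (not part of the original post) of how a defender can spot the Xmas packets defined above by reading the flags byte of the TCP header. The post does not list the flags; treating FIN+PSH+URG without ACK as the Xmas pattern is the commonly cited combination and is an assumption here, and the sample packets and IP addresses are constructed.

```python
import struct
from collections import defaultdict

# Bit values of the six classic TCP flags (byte 13 of the TCP header).
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
XMAS = FIN | PSH | URG  # assumed Xmas pattern: "lit up like a Christmas tree"


def tcp_header(src_port, dst_port, flags):
    """Build a minimal 20-byte TCP header (used only to construct sample data)."""
    return struct.pack("!HHIIBBHHH", src_port, dst_port, 0, 0, 5 << 4, flags, 1024, 0, 0)


def parse_tcp(header):
    """Return (src_port, dst_port, flags) from the fixed part of a TCP header."""
    if len(header) < 20:
        raise ValueError("TCP header must be at least 20 bytes")
    fields = struct.unpack("!HHIIBBHHH", header[:20])
    return fields[0], fields[1], fields[5] & 0x3F


def classify(flags):
    """Label flag combinations that never occur in a normal TCP conversation."""
    if flags == 0:
        return "null"      # no flags at all
    if (flags & XMAS) == XMAS and not (flags & ACK):
        return "xmas"      # FIN+PSH+URG on a packet that acknowledges nothing
    if (flags & SYN) and (flags & FIN):
        return "syn-fin"   # open and close in the same packet
    return "ok"


def suspicious_sources(packets):
    """Map source IP -> {label: sorted destination ports} for anomalous packets."""
    hits = defaultdict(lambda: defaultdict(set))
    for src_ip, header in packets:
        _, dst_port, flags = parse_tcp(header)
        label = classify(flags)
        if label != "ok":
            hits[src_ip][label].add(dst_port)
    return {ip: {k: sorted(v) for k, v in kinds.items()} for ip, kinds in hits.items()}


# Constructed sample traffic (documentation address ranges, not real hosts).
SAMPLE = [
    ("198.51.100.7", tcp_header(40000, 22, FIN | PSH | URG)),
    ("198.51.100.7", tcp_header(40000, 80, FIN | PSH | URG)),
    ("198.51.100.7", tcp_header(40000, 443, FIN | PSH | URG)),
    ("192.0.2.10", tcp_header(51514, 443, SYN)),              # normal handshake start
    ("192.0.2.10", tcp_header(51514, 443, ACK)),
    ("192.0.2.10", tcp_header(51514, 443, FIN | PSH | ACK)),  # normal close with data
    ("192.0.2.44", tcp_header(1234, 25, 0)),
    ("192.0.2.45", tcp_header(1234, 25, SYN | FIN)),
]

if __name__ == "__main__":
    for ip, kinds in suspicious_sources(SAMPLE).items():
        print(ip, kinds)
```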

You know, the question says nothing about MAC authentication so this is kind of a throw away question.

 photo 3_zpssqmpkkis.png

I mean it’s right but fuck that’s a lot of variables that they are not talking about in the question I.E.

 photo 2_zpsmzjfmn2i.png

I don’t know what NC or pskill does so let’s look that up, oh on nc is netcat and the -p is port that it’s connecting to, man page. haha this is msft, it kills a process.

 photo 5_zpsnyvfxou1.png

Thinking about Extended validation doesn’t make sense but to be honest it was the only one I knew what it was so let’s look at the others.

  • Wildcard certificate – a digital certificate that is applied to a domain and all its subdomains. Wildcard notation consists of an asterisk and a period before the domain name. Secure Sockets Layer (SSL) certificates often use wildcards to extend SSL encryption to subdomains.
  • Certificate chaining – A certificate chain is an ordered list of certificates, containing an SSL Certificate and Certificate Authority (CA) Certificates, that enable the receiver to verify that the sender and all CAs are trustworthy.
  • Certificate utilizing the SAN file – lets you specify additional host names (sites, IP addresses, common names, etc.) to be protected by a single SSL Certificate, such as a Multi-Domain (SAN) or Extended Validation Multi-Domain Certificate.
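An added example (not from the original post or from any TLS library) of how a client decides whether a certificate covers a host name using the wildcard and SAN entries defined above. Under the RFC 6125 matching rules a wildcard stands for exactly one leftmost label, so `*.example.com` does not cover `example.com` itself or `a.b.example.com`; the function names and the sample SAN list are assumptions made for illustration.

```python
def _labels(name):
    """Lower-case a DNS name, drop a trailing dot and split it into labels."""
    return name.lower().rstrip(".").split(".")


def dns_name_matches(pattern, hostname):
    """Return True if one certificate DNS entry covers the host name.

    Rules applied (the conservative subset of RFC 6125):
      - comparison is case-insensitive, label by label
      - '*' is only accepted as the entire leftmost label
      - '*' matches exactly one non-empty label, never zero and never several
      - a wildcard directly under a top-level name ('*.com') is rejected
    """
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h):
        return False                 # wildcard never spans extra labels
    if p[0] == "*":
        if len(p) < 3:
            return False             # '*.com' style entries are too broad
        if any("*" in label for label in p[1:]):
            return False             # only one wildcard, leftmost position
        return h[0] != "" and p[1:] == h[1:]
    if "*" in pattern:
        return False                 # partial wildcards ('w*.example.com') refused
    return p == h


def matching_entries(san_dns_names, hostname):
    """List the SAN entries of a certificate that cover the host name."""
    return [entry for entry in san_dns_names if dns_name_matches(entry, hostname)]


def cert_covers(san_dns_names, hostname):
    """True if any SAN entry covers the host name."""
    return bool(matching_entries(san_dns_names, hostname))


# Constructed SAN list: one wildcard entry plus two explicit names.
SAMPLE_SAN = ["*.example.com", "example.net", "shop.example.org"]

if __name__ == "__main__":
    for host in ["www.example.com", "example.com", "a.b.example.com",
                 "EXAMPLE.NET", "www.example.net", "shop.example.org"]:
        print(f"{host:20} covered={cert_covers(SAMPLE_SAN, host)}")
```

This is why certificates that use a wildcard usually also list the bare domain as a separate SAN entry.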

You know, I should have known this and I’ve covered this before.

 photo 3_zps0mwrrxhb.png

I don’t know what any of this shit is haha

  • MOU – memorandum of understanding is a type of agreement between two or more parties ?
  • BPA – No idea, online doesn’t know
  • ITCP – Information Technology Certified Professional ? (unclear)
  • BCP – Business continuity plan

Lol there is really only one viable option here and clearly I just clicked a circle.

 photo 1_zpsh9tyfyh7.png

Yeah, the print command would indicate buffer overflow; Perl is clearly not Java so I should have been able to figure this out without being a coder haha

 photo 4_zpsbifegcpj.png

What the heck is DHCPOFFER/DHCPACK? MAC spoofing is faking your MAC address and I don’t think that would have anything to do with DHCP but I could be wrong. Also the question says I’m right so I’m pretty sure it’s the first one. Anyway the offer/acknowledge thing is done by a server so that’s kind of crazy.

Well, that’s all for today. Tomorrow night I need to try to get through 100 questions again and map out some stuff to learn about.

Variations on a theme..it can be tough, Security+

Keeping a good pace with the security stuff. I think I might have it done sooner than expected at this rate. Depending on how testing goes. I started studying this material at the start of last year and I guess made more headway than I realized. There are still some things that escape me such as code samples that ask what kind of an attack it is. Like this first question!

 photo 3_zpsw8lye5ki.png

I’m not sure what DEP is but hopefully it will provide some information as none of the other stuff is really helpful as to why it would be vulnerable. I guess in this case it isn’t a code sample but a set of information that didn’t come from a scanner.

DEP (Data Execution Prevention) and ASLR (Address Space Layout Randomization) have proven themselves to be important and effective countermeasures against the types of exploits that we see in the wild today. Of course, any useful mitigation technology will attract scrutiny, and over the past year there has been an increasing amount of research and discussion on the subject of bypassing DEP and ASLR. (Source)

Data Execution Prevention does make sense as something you would want to have running on a web server so that clears that up. I feel like I should have been aware of that by now haha

 photo 5_zpsncbm8tpe.png

These types of questions are particularly tricky when they don’t ask what they do but what technology they work with. I think it’s a natural assumption that over time you develop a sense of that but at first it’s quite an overwhelming data set to dig through that many variables. I think it’s fair to say that there doesn’t really need to be further research beyond notating that SAML tokenizes passwords for authentication. I mean, for me. That may not be your case but I find it unlikely that you’re reading this blog for research haha

 photo 4_zpslqcp2n7t.png

You know, this is where non proprietary stuff gets tricky. With MSFT things it’s fairly reasonable to assume you can find an article with specific information. In this case it gets a little trickier.

However, with this one it seems pretty clear that you would want to block IP traffic however notating the subnet in the rule kind of throws me off. At this time I’m not sure why that is and I’ll probably check with a friend that works specifically with networking stuff.

 photo 1_zpsbe61sq1p.png

Maybe this is a better example of the specific tech thing. Again, not really any point in looking up every feature of every one of these and listing them out however it is worth taking it in one bit at a time in knowing that a symmetric algorithm uses a stream cipher.

 photo 3_zpsqhq2ocmp.png

First of all, pay attention to typos because I thought that said ‘remove’ and second of all even if it did 636 is correct and why would you remove LDAP if you were using LDAP?

 photo 4_zpswytkjekm.png

I didn’t even take a stab at this because I know nothing of the types of certificates there are. I guess a good place to start would be defining that.

  • .pfx certificate –
  • .cer certificate
  • .der certificate
  • .crt certificate

Lol well, this is a nightmare and to be honest, rightfully so. This is some deep magic; putting it into the hands of the general internet may not be a good idea and I feel like learning about this would be a good idea and maybe I can find a book. For now, I’m accepting the answer at face value.

 photo 1_zpsm1jjkqms.png

Wow, not a lot of information here however it’s safe to assume they are sending email. To better protect sensitive/personal information and to comply with federal regulations, AES / PHEAA is encrypting email containing protected personal information.

 photo 5_zpsgrzo7c76.png

Yeah, RADIUS federation still requires authentication to a domain though. I mean, not wrong but it’s not just going to magically authenticate. My answer was not correct either though haha

 photo 2_zpsmgxdguyd.png

Yeah, I didn’t really think about that but honestly looking back a CRL makes way more sense than a recovery agent.

Well, that’s it for today. That’s about half the questions from this set of 100 that I went through. As I said, studying is going pretty good. The road blocks are obvious.

Security+…its similar to the last one, pt. 5

Back again with more…questions. Shocking. I know. Anyway, progress is going good. I’m finding that the portion of material I don’t know is about a quarter of it so honestly, that’s really good news as far as lead time to testing. How will the test go? Who knows. I seem to be hitting right on the money lately and eventually if I keep doing that I’m going to fail. I hope I don’t because these tests are expensive and I’m going to end up paying a gym a whole bunch of money to get out of a contract on something that they can provide yet offer as a service and refuse to let me out of the contract. Kind of bull shit but you know, I’m just going to keep showing up and making fun of them and explain the situation to the outlandishly cocky people that work there as if I were completely in the wrong and state the facts haha. Which makes it overwhelmingly obvious that they run a bad business or have no idea what they are doing. Regardless they are stealing money from me.

 photo 2_zpsxlhjtpwz.png

This is tough, I have no idea what some of this coding stuff is and take my best guess. Let’s get some definitions going.

  • Cross-site request forgery – an attack that forces an end user to execute unwanted actions on a web application in which they’re currently authenticated
  • Buffer overflow – Attackers generally use buffer overflows to corrupt the execution stack of a web application. By sending carefully crafted input to a web application, an attacker can cause the web application to execute arbitrary code, possibly taking over the machine. Attackers have managed to identify buffer overflows in a staggering array of products and components.
  • SQL injection – attack consists of insertion or “injection” of a SQL query via the input data from the client to the application. A successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database (such as shutdown the DBMS), recover the content of a given file present on the DBMS file system and in some cases issue commands to the operating system
  • JavaScript data insertion – Cross-site scripting (XSS) is a code injection attack that allows an attacker to execute malicious JavaScript in another user’s browser.
  • Firewall evasion script – This is possible through NMAP

The thing is some of this stuff I still don’t know what the code looks like but I have a basic idea. I think I should be able to recognize SQL but I’m unclear on the JAVA for sure, which happens to be the answer in this case. Am I going to have to completely learn JAVA or is there some basic stuff I can do to get a quick idea about what XSS looks like? I’ll have to do some digging but the info on the OWASP site for now, I’ll stick with that and see where it gets me.

 photo 4_zpsdxaztb70.png

The thing I don’t understand about this is, why would I dig the workstation I’m on? Why is the workstation a .com? I have so many questions. The workstation isn’t a domain.

 photo 1_zpsxzcc1lal.png

Honestly, I’m unclear on why a web application firewall would do this. There isn’t anything in this that clearly indicates what layer it’s functioning at and the OWASP site isn’t clear either but I guess I can remember that one. Honestly, with the Network+ there were not many questions from the pretest on the actual test so when you see questions like this and the previous one, you’re kind of just screwed.

 photo 5_zpsynxqugsy.png

Ok, so here’s the thing. Clearly SHA is the right answer as seen here but how do I learn about all the other types of certificates and what hashing algorithms they use? No clear answer to that but I can promise you this exact question will not be on the test. Maybe the pretest will go over the rest of them.

 photo 3_zps1bhesbzx.png

I’m not sure what open relay is on an email server. An open relay is a Simple Mail Transfer Protocol (SMTP) server that is improperly configured to allow the unauthenticated relay of email. Oh so that shit’s misconfigured and it just sends mail. Got it.

 photo 4_zpsml9dxiij.png

Why TLS is more important than a CRL is unclear to me. I’m going to look into that. lol I guess I should realize that one as TLS is SSLs replacement. Still, seems like a good idea to use a CRL as well. Just saying.

 photo 2_zpsaerdp9ft.png

I don’t know what 3 of these things are so I’m going to look them up.

  • MTBF – (mean time between failures) is a measure of how reliable a hardware product or component is.
  • ALE – Annualized loss expectancy. Used to measure risk with annualized rate of occurrence (ARO) and single loss expectancy (SLE). The ALE identifies the total amount of loss expected for a given risk. The calculation is SLE x ARO = ALE
  • ARO – annualized rate of occurrence

Lol so ARO is factored into ALE but it’s not a complete answer.

 photo 3_zpsgn5uhxcw.png

I’m very used to AD terms and this is new terminology to get used to these concepts as they seem to come up again and again so I may have covered this before but I’m going to go through it again.

  • Time based – this one seems obvious in that it’s a time-of-day restriction on resources
  • Mandatory – mandatory access control refers to a type of access control by which the operating system constrains the ability of a subject or initiator to access or generally perform some sort of operation on an object or target
  • Rule-based – In Rules Based Access Control (RBAC), access is allowed or denied to resource objects based on a set of rules defined by a system administrator. I think this is what I’m used to. How could an OS with no administration perform this task?
  • Discretionary – In computer security, discretionary access control is a type of access control defined by the Trusted Computer System Evaluation Criteria “as a means of restricting access to objects based on the identity of subjects and/or groups to which they belong”. Isn’t this the same as role-based? They are technically both user based

To be honest I think that I picked those since they are directly mentioned in the question. I do struggle with these questions; however, I’m kind of surprised by the MSCHAP answer. Ok, lol, according to this the answer is the obvious one, which seems correct.

This one is pretty straightforward and the answer could go either way because trojans do bypass authentication to install rootkits essentially and then spread themselves. However, to be clear I’m 100% certain on what a RAT is: Remote Access Trojan (RAT) is a type of malware that allows hackers to monitor and control your computer or network lol so… a backdoor.

A Faraday cage or Faraday shield is an enclosure used to block electromagnetic fields. A Faraday shield may be formed by a continuous covering of conductive material, or in the case of a Faraday cage, by a mesh of such materials.

I don’t really know what these terms are

  • MTBF – (mean time between failures) is a measure of how reliable a hardware product or component is. For most components, the measure is typically in thousands or even tens of thousands of hours between failures (we just did this one)
  • MTTR – Mean time to repair
  • RTO – recovery time objective
  • RPO – recovery point objective

I feel like the wording in the question is a little confusing but I understand what they are getting at and agree with it.

I had gone through about 100 questions this night and I have no idea why I picked that. Client side has nothing to do with executing a SQL injection. Input validation is what comes into play.

The thing is, I don’t have any clue how data deduplication could have anything to do with this and to be honest I doubt I’ll find a solid answer. Data deduplication should, in theory, be run, and then done with the number of files reduced.

lol SMTP is clearly wrong, FTPS I would have picked, SCP is what I’m confused on. Secure copy is a command-line utility that allows you to securely copy files and directories between two locations. And I’ve seen that before lol

All right, well that’s all for now and now to keep going with these pretest questions. 29% of the way through round 1 haha

Security+ pt 4

All right, first post of the year. Here’s to having goals, making them realistic and following up with them. You know, thinking about naming conventions, is this really the best idea? I mean it’s the first thing people see. Anyway, I had hoped to finish this cert last year. I started on it but clearly did not get anywhere close to finishing it but I did get the Network+ so I mean it’s close. I also underestimated this one. Just to be honest I didn’t think it would be the tremendous amount of work that it absolutely is. And should be. However I was not expecting to see 700 questions haha. Initially I was supplied with a fairly small book and a slide deck. I was pretty sure that wasn’t going to cut it. Glad I didn’t try but to be honest I studied that stuff and learned from it so it was not a waste of time.

 photo steganography_zpslxyidbk6.png

I know we covered this at least once before and I mentioned ‘did we talk about this already’ but here we are. Is this James Bond lol? Honestly, I’m not sure what they are talking about, for the reason, of transferring hidden data. Anyway, Steganography.

 photo peap again_zpszgr3qx15.png

This is the stuff that will kill me on the test. I don’t think there is any way around getting a string of these looped together wrong given the margin for definitional argument. Given that, I’ll try.

  • EAP-TLS – EAP is an authentication framework, not a specific authentication mechanism.[1] It provides some common functions and negotiation of authentication methods called EAP methods. There are currently about 40 different methods defined. Methods defined in IETF RFCs include EAP-MD5, EAP-POTP, EAP-GTC, EAP-TLS, EAP-IKEv2, EAP-SIM, EAP-AKA, and EAP-AKA’. Additionally, a number of vendor-specific methods and new proposals exist. Commonly used modern methods capable of operating in wireless networks include EAP-TLS, EAP-SIM, EAP-AKA, LEAP and EAP-TTLS. Requirements for EAP methods used in wireless LAN authentication are described in RFC 4017. The list of type and packets codes used in EAP is available from the IANA EAP Registry. It also uses certificates.
  • WPS – WPS stands for Wi-Fi Protected Setup. It is a wireless network security standard that tries to make connections between a router and wireless devices faster and easier. WPS works only for wireless networks that use a password that is encrypted with the WPA Personal or WPA2 Personal security protocols
  • PSK – In cryptography, a pre-shared key (PSK) is a shared secret which was previously shared between the two parties using some secure channel before it needs to be used.
  • PEAP – PEAP is similar in design to EAP-TTLS, requiring only a server-side PKI certificate to create a secure TLS tunnel to protect user authentication, and uses server-side public key certificates to authenticate the server. It then creates an encrypted TLS tunnel between the client and the authentication server. In most configurations, the keys for this encryption are transported using the server’s public key. The ensuing exchange of authentication information inside the tunnel to authenticate the client is then encrypted and user credentials are safe from eavesdropping.

Yeah, I was close but PEAP doesn’t use a certificate.

 photo diffie-Hellman_zpsmxzn7j9i.png

I’m going to be real honest, I got this right but I’m not really sure why haha

  • RIPEMD – RIPEMD (RIPE Message Digest) is a family of cryptographic hash functions developed in 1992 (the original RIPEMD) and 1996 (other variants). There are five functions in the family: RIPEMD, RIPEMD-128, RIPEMD-160, RIPEMD-256, and RIPEMD-320, of which RIPEMD-160 is the most common.
  • ECDHE – ECDHE stands for Elliptic Curve Diffie-Hellman Ephemeral. We recall that the purpose of Diffie-Hellman is to exchange a secret over an insecure channel; both sides build their own secret key from a value they received from the other participant: this is key exchange.
  • Diffie-Hellman – a method of securely exchanging cryptographic keys over a public channel; it was one of the first public-key protocols, as originally conceptualized by Ralph Merkle and named after Whitfield Diffie and Martin Hellman.[1][2] DH is one of the earliest practical examples of public key exchange implemented within the field of cryptography.
  • HTTPS – HyperText Transfer Protocol Secure (HTTPS) is an extension of the Hypertext Transfer Protocol (HTTP). It is used for secure communication over a computer network, and is widely used on the Internet.
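The key exchange described in the ECDHE and Diffie-Hellman entries, as an added C example that is not part of the original post. The function names, the toy prime 23 and the private values are constructed for illustration and far too small for real use; ECDHE does the same thing over an elliptic curve with fresh private values per session.

```c
#include <stdint.h>
#include <stdio.h>

/* Square-and-multiply: (base^exp) mod m. m < 2^32 keeps products in 64 bits. */
uint64_t mod_pow(uint64_t base, uint64_t exp, uint64_t m)
{
    uint64_t result = 1 % m;
    base %= m;
    while (exp > 0) {
        if (exp & 1)
            result = (result * base) % m;
        base = (base * base) % m;
        exp >>= 1;
    }
    return result;
}

/* Public value each side sends over the insecure channel: g^priv mod p. */
uint64_t dh_public(uint64_t p, uint64_t g, uint64_t priv)
{
    return mod_pow(g, priv, p);
}

/* Shared secret from the peer's public value and our own private value.
 * Returns 0 (never a valid secret for prime p) when the peer sent a
 * degenerate value (0, 1 or p-1) that would make the result predictable. */
uint64_t dh_shared(uint64_t p, uint64_t peer_pub, uint64_t priv)
{
    if (peer_pub <= 1 || peer_pub >= p - 1)
        return 0;
    return mod_pow(peer_pub, priv, p);
}

int main(void)
{
    const uint64_t p = 23, g = 5;      /* toy public parameters (constructed) */
    const uint64_t a = 6, b = 15;      /* constructed private values */
    uint64_t A = dh_public(p, g, a);   /* Alice -> Bob, visible to anyone */
    uint64_t B = dh_public(p, g, b);   /* Bob -> Alice, visible to anyone */
    uint64_t alice_secret = dh_shared(p, B, a);
    uint64_t bob_secret = dh_shared(p, A, b);
    printf("A=%llu B=%llu\n", (unsigned long long)A, (unsigned long long)B);
    printf("Alice derives %llu, Bob derives %llu\n",
           (unsigned long long)alice_secret, (unsigned long long)bob_secret);
    return 0;
}
```

Only A and B cross the wire; the private values a and b never do, yet both sides arrive at the same number.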

I guess we should look up that IKE phase thing too. In computing, Internet Key Exchange (IKE, sometimes IKEv1 or IKEv2, depending on version) is the protocol used to set up a security association (SA) in the IPsec protocol suite. IKE builds upon the Oakley protocol and ISAKMP.[1] IKE uses X.509 certificates for authentication, either pre-shared or distributed using DNS (preferably with DNSSEC), and a Diffie–Hellman key exchange to set up a shared session secret from which cryptographic keys are derived.[2][3] In addition, a security policy for every peer which will connect must be manually maintained.[2] lol, well there we have it in plain text that it clearly uses that and only that.

 photo missing null check_zpsjghqnybd.png

Honestly, this is a good one as I don’t know what these are. The answer is correct but I’m not a coder by any stretch and at some point feel like I should learn a little bit. Is now the right time to learn this? Unclear


  • Page exception – The exception is normally an object that is thrown at runtime. Exception handling is the process of handling runtime errors. An exception may occur at any time in your web application, so handling exceptions is the safer approach for the web developer.
  • Pointer dereference – The dereference operator or indirection operator, sometimes denoted by “*”, is a unary operator found in C-like languages that include pointer variables. It operates on a pointer variable, and returns an l-value equivalent to the value at the pointer address. This is called “dereferencing” the pointer.
  • NullPointerException – In Java, a special null value can be assigned to an object reference. NullPointerException is thrown when an application attempts to use an object reference that has the null value
  • Missing null check – The program can dereference a null-pointer because it does not check the return value of a function that might return null.
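A missing null check beside its fix, as an added C example that is not part of the original post. The "key=value" setting lines and the function names are constructed for illustration; `strchr()` is the standard library call that returns NULL when the character is not found.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample inputs: one well-formed setting, one with no '='. */
static const char *GOOD_LINE = "timeout=30";
static const char *BAD_LINE  = "timeout";

/* Missing null check: strchr() returns NULL when '=' is absent, and
 * strlen(eq + 1) then dereferences an invalid pointer.
 * Shown for comparison only; never called in this example. */
size_t value_len_unchecked(const char *line)
{
    const char *eq = strchr(line, '=');
    return strlen(eq + 1);            /* undefined behaviour if eq == NULL */
}

/* Hardened form: every pointer that may be NULL is tested before use.
 * Returns 0 and stores the value length on success, -1 on bad input. */
int value_len_checked(const char *line, size_t *out_len)
{
    if (line == NULL || out_len == NULL)
        return -1;
    const char *eq = strchr(line, '=');
    if (eq == NULL)                   /* the check the first version lacks */
        return -1;
    *out_len = strlen(eq + 1);
    return 0;
}

int main(void)
{
    size_t n = 0;
    int rc = value_len_checked(GOOD_LINE, &n);
    printf("good: rc=%d len=%zu\n", rc, n);
    rc = value_len_checked(BAD_LINE, &n);
    printf("bad:  rc=%d (rejected instead of crashing)\n", rc);
    return 0;
}
```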


 photo smart card kerberos_zpshbos7nac.png

The real kicker here is what I think they are calling ‘mutual authentication’ which in the case of Kerberos would occur with the ticket creation process. I don’t think you can use a smart card with CHAP or LDAP as they are both a little older and basic.

All right, I think that’s all for tonight folks. Tomorrow I’m off but being that I’ll be up all night I’m sure I’ll be going through test prep questions. Hopefully I can get 150 done over ‘the weekend’ which would put me at 250/700 for the first go around. Wow, this thing is an absolute bugger.
