The end of round 1, for Security+

Welp, I’m finally almost caught up on bogging which means that its back to going through test prep questions. Man, this thing is a monster and I cannot stress that enough. I have been taking it slow though. Which has curved burn out and what I’m calling shoe shine head. Not great at memorizing without reason, again, so its hard to just go through this many things and know all the answers. The other part of that is that the questions on the pretest most likely will not be on the actual test which means, shocking, you have to know the material.

Anyway, this was my score going through the pretest completely and as you can see I have a ways to go. I’ve been through about half the questions I missed and realized towards the back end (the questions I didn’t blog before going through them) that I needed to blog those bad boys haha

 photo 3_zpswr90pnkh.png

Anyway, lets get into this lot of questions. It seems I marked some more for review so possibly get ready for some more stuff (no one reads this lol) that I’ve covered before!

 photo 3_zpscsxpvwsv.png

This is the type of question that gets me nervous because it says a configuration has not been entered on the firewall and then seems to state that there is an implicit deny rule. This leads me to think that I should be looking to set a configuration. However, when thinking back on it now ACL is kind of weird thing to put on a new firewall and inbound/outbound rules are not. The wording is a little off putting on this but I for sure see where they are going with it and it should be something that I’m able to catch on to.

 photo 2_zpsq8c34awm.png

I cant seem to find anything about this anywhere online. The only example info about buffer overflow is red team type definitions rather than ‘what blue team should look for’ type of things. Anyway, I’m not sure how a ping is a indicator of a buffer overflow. I guessed at the answer though. Again, this is the type of question that worries me and I’m pretty sure I’m not going to pass the first time based on stuff like that.

 photo 1_zpseh8swrzu.png

This one was pretty straight forward, as noted by Certfication Kits/Cisco:

A Root Bridge is a reference point for all switches in a spanning-tree topology. Across all connected switches a process of election occurs and the Bridge with the Lowest Bridge ID is elected as the Root Bridge. Bridge ID is an 8-byte Value that consists of 2-Byte Bridge Priority and 6-Byte System ID which is the burned in MAC address of the Switch. Initially all switches began advertising them selves as the Root Bride in BPDUs but once they receive a superior BPDU, one which has a lower Bridge ID, they cease the messages and starts forwarding the superior BPDUs. In the above Figure all switches began with advertising themselves as the Root Bridge. When Switch B receives the BPDU from Switch A it compares the Bridge ID of itself with that of Switch A. Since the Priorities are same, the MAC address is used as the tie breaker and thus Switch A wins due to lower MAC Address. Switch B stops sending its BPDU and forwards the BPDU from A. This Process repeats on Switch C as well and it ceases the generation of BPDU and instead forwards BPDUs from A. Now a single reference point for the network is elected which is Switch A, all other switches now forward STP BPDUs received from Root Bridge.

I didn’t include the diagram but its still legable and the important part is this: of 2-Byte Bridge Priority and 6-Byte System ID which is the burned in MAC address of the Switch and once they receive a superior BPDU, one which has a lower Bridge ID, they cease the messages and starts forwarding the superior BPDUs

 photo 1_zpsyi2flsa4.png

Again, this is one of those authentication/hashing/encryption things that I feel like I should have a very clear idea of every single thing about each one of them for some reason but don’t

Lets make a list:

  • XOR – a basic cypher
  • PBKDF2 – Password-Based Key Derivation Function 2 – are key derivation functions with a sliding computational cost, used to reduce vulnerabilities to brute force attacks. PBKDF2 applies a pseudorandom function, such as hash-based message authentication code (HMAC), to the input password or passphrase along with a salt value and repeats the process many times to produce a derived key, which can then be used as a cryptographic key in subsequent operations. The added computational work makes password cracking much more difficult, and is known as key stretching.
  • bcrypt – Besides incorporating a salt to protect against rainbow table attacks, bcrypt is an adaptive function: over time, the iteration count can be increased to make it slower, so it remains resistant to brute-force search attacks even with increasing computation power.
  • HMAC – sometimes expanded as either keyed-hash message authentication code or hash-based message authentication code) is a specific type of message authentication code (MAC) involving a cryptographic hash function and a secret cryptographic key. As with any MAC, it may be used to simultaneously verify both the data integrity and the authenticity of a message. Any cryptographic hash function, such as SHA-256 or SHA-3, may be used in the calculation of an HMAC; the resulting MAC algorithm is termed HMAC-X, where X is the hash function used (e.g. HMAC-SHA256 or HMAC-SHA3). The cryptographic strength of the HMAC depends upon the cryptographic strength of the underlying hash function, the size of its hash output, and the size and quality of the key. does not mention salt directly on the wiki
  • RIPEMD – RIPEMD, as well as RIPEMD-128, is not considered secure because 128-bit result is too small and also (for the original RIPEMD) because of design weaknesses. The 256- and 320-bit versions of RIPEMD provide the same level of security as RIPEMD-128 and RIPEMD-160, respectively; they are designed for applications where the security level is sufficient but longer hash result is necessary.
  • salt – Salts also make dictionary attacks and brute-force attacks for cracking large numbers of passwords much slower (but not in the case of cracking just one password). Without salts, an attacker who is cracking many passwords at the same time only needs to hash each password guess once, and compare it to all the hashes. However, with salts, each password will likely have a different salt; so each guess would have to be hashed separately and compared for each salt, which is considerably slower than comparing the same single hash to every password. Thought this was work mentioning
 photo 4_zpsdmz92hk8.png

Not sure why I picked a packet analyzer if they noticed the connections, which im not sure how they did without using netset, netstat would be the choice.

 photo 2_zpsd6llrljm.png

A seems like the normal choice here but what really happens is a massive amount of data causes the system to possible allow you to perform arbitrary actions or execute programs. However this very specific scenario is possible, as noted here. Again, this type of question is my nightmare.

 photo 5_zpsasi5ib8f.png

Honestly not exactly sure what a SYN packet is, so lets check these two things out: some firewalls start triggering their own alerts when this rate is reached and may start dropping or refusing connections. and the half-open connections created by the malicious client bind resources on the server and may eventually exceed the resources available on the server. At that point, the server cannot connect to any clients, whether legitimate or otherwise. This effectively denies service to legitimate clients

From that info its pretty clear that it uses up the memory and then the server crashes.

For some reason this post took a while and actually exhausted me. Cant wait to hit the hay tonight. Listened to some interesting music tonight along with the fan on my laptop spinning up more than usual for some reason. Reminds me of my ex-wife for some reason. Always the same cycle hun? Anyway, new Taylor Swift video in a few hours that apparently she directed her self so, I guess I’m excited for that. Not a person I remember listening to a bunch of her stuff but was vaguely familiar with as I lived in Nashville for along time and was fairly social. Not that any of that information is any not completely random.

Back to Security+ posts!

Finally getting around to getting back to this. For some reason decided to write some trap songs and put them over youtube beats. Kind of a waste of time, but whatever. I’ve also been regularly smoking for bout 2 months now. again. Ill take 2-3 days off in a row but generally im still smoking at least one cig a day. I promised my self would stop feb 1st and hear it is, the end of the month. Not sure what’s so stressful or has me concerned enough to think that I should smoke. I mean, I like smoking but there’s really no need for it. So, gotta make that choice to kick that again. Especially if im trying to run a 10 min mile. Gah, its always something with me isnt it? Truthfully, I’ve been around a lot of musicians since I was a young teenager and never recorded my self doing any thing. I wasn’t terribly disappointed with the results but I’m not quitting my day job. Here’s to being an adult. Anyway, lets get to these questions!

 photo 4_zpsoxj1rccz.png

I’m not sure what they mean by key? Encryption key? So lets figure that out: In cryptography, a key is a piece of information that determines the functional output of a cryptographic algorithm. For encryption algorithms, a key specifies the transformation of plaintext into ciphertext, and vice versa for decryption algorithms. The next question is What is the bottom green answer and we have answered that previously but lets cover it again Online Certificate Status Protocol (OCSP) is an Internet protocol used for obtaining the revocation status of an X.509 digital certificate. So the total package answer gets a little sketchy and this is the most direct thing I can find, which is about as clear as mud A cryptographic key that is used with an asymmetric (public key) cryptographic algorithm and is associated with a private key. The public key is associated with an owner and may be made public. In the case of digital signatures, the public key is used to verify a digital signature that was signed using the corresponding private key. There are some questions here about what kind of encryption its using but heres some helpful info on private keys: Asymmetric cryptography, also known as public key encryption, uses two different but mathematically linked keys. The public key is made available to everyone that needs it in an easily accessible repository while the private key is confidential and only shared with its owner. In this method, whatever is encrypted with the public key requires the related private key for decryption and vice versa. Public key encryption is typically used for securing communication channels, such as email. Like theres no indication that its not symmetric encryption

 photo 5_zps6cwsajhn.png

NTLM does have a known pass the hash vulnerability The NTLM protocol uses one or both of two hashed password values, both of which are also stored on the server (or domain controller), and which through a lack of salting are password equivalent, meaning that if you grab the hash value from the server, you can authenticate without knowing the actual password.

 photo 3_zpsn9lhnctu.png

There where two options here that I didn’t know what they where and clearly I picked the wrong one, so lets define those

  • VDSL – lol Very high speed digital subscriber line (VDSL)[1] and very high speed digital subscriber line 2 (VDSL2)[2] are digital subscriber line (DSL) technologies providing data transmission faster than asymmetric digital subscriber line (ADSL).
  • SRTP – SRTP uses encryption and authentication to minimize the risk of denial of service( DoS ) attacks. SRTP can achieve high throughput in diverse communications environments that include both hard-wired and wireless devices

Obviously I picked the wrong thing and the test question showed up as unhappy.

 photo 2_zpsuz9h8xhn.png

The ‘govern’ word really throws me off here but when looking at the definition off the answer the first sentence does seem to point to that Control diversity is the use of different security control types, such as technical controls, administrative controls, and physical controls. For example, technical security controls such as firewalls, intrusion detection systems (IDSs), and proxy servers help protect a network

 photo 1_zpsqt0xjjil.png

This is one of those confusing things because NTLMv2 does use symmetric key encryption but from what im understanding twofish would be the one out of these that interacts with data at rest.

Well, that’s all for tonight. Hopefully we will meet some time again soon, blog. Absolutely no promises though but im pretty much telling you right now that will never happen. I can do whatever I want but currently I’m choosing to put shitty trap music voice memos in a drop box rather than be productive haha. Nah, thankfully this was less taxing than the others have been lately because some of the questions in the last few posts have been buggers and I would not be surprised if I came back around and blogged the same questions again.

More to learn, than I thought…

This is taking more time that I thought it would, as usual. Being my arrogant self I thought I had covered a lot of the material but there are a bunch of detail gaps to fill. I have the most trouble with authentication and encryption protocols and given that I won’t see any direct questions from this VCE I’m going to have to really nail those down. The other thing is ports and those can be a bit mysterious at times because A isn’t always to B, if that makes sense. So, I need to really spend time on those and figure them out. It’s interesting to learn things and I find it useful and helpful in all sorts of scenarios where logic plays a factor even if the studied subjects don’t obviously correlate. Also, the word wrap feature in CoffeeCup doesn’t seem to scale with window size or it doesn’t do anything haha

 photo 5_zps8sy1poik.png

So this one seems a little grey IMO as fuzzing is input validation and this is discussing ‘compiled code’ which may or may not have user input. Compiled code could run any thing, it doesn’t have to connect to a database that you could run cmds against.

Compiled code is a set of files that must be linked together and with one master list of steps in order for it to run as a program. This is opposed to a interpreted code like web scripts, host server scripts and BASIC that are run one line at a time. Another program called a compiler is designed to maximize the efficiency and speed of the program so that it runs faster than an interpreted version of the same program. A compiled program outputs an EXE or DLL file. A compiler also checks the code for errors. It will work up and down the code to scan for anything that will crash the program or is syntactically wrong. A program with untested code can do anything to your computer including very bad things if not contained within its space. Lots of time is spent by a programmer to get an error free compiled EXE file. (And even then you can get infinite loops, etc.) In the end the point of compiling is to create a most efficient, compact EXE file for optimal running of the program.

However when you google complied code fuzzing it points at this: Compiler Fuzzing: How Much Does It Matter? so I’m going to read through it. Quick tip, get good at reading fast, remembering what you read and recognizing the high lights for getting certs efficiently.

So, after reading this it seems like what they are pointing at is miss computation errors made by compilers. Fuzzing, as I understood it was more a mater of checking to see how code responds to things, now if you follow that around it turns out that what they mean is how the code responds to a specific set of instructions given by the user or machine that is interacting with the program and checking if the results are correct. Under this logic it absolutely makes more sense. However, does it make more sense than labeling it regression testing. I guess we should get a better idea of what that is because I thought that sort of was what regression testing was, does the application function as designed.

REGRESSION TESTING is defined as a type of software testing to confirm that a recent program or code change has not adversely affected existing features. Regression Testing is nothing but a full or partial selection of already executed test cases which are re-executed to ensure existing functionalities work fine. This testing is done to make sure that new code changes should not have side effects on the existing functionalities. It ensures that the old code still works once the latest code changes are done.

So this seems to indicate that regression testing does a similar thing but instead of being a new application its an application that is adding new functionality. In this case it would appear that there is no indicator that says the code is a new feature of an older application.

 photo 1_zpstz23lu7q.png

I’m going to define these, again.

  • AES – AES comprises three block ciphers: AES-128, AES-192 and AES-256. Each cipher encrypts and decrypts data in blocks of 128 bits using cryptographic keys of 128-, 192- and 256-bits, respectively.
  • SSL – Transport Layer Security, and its now-deprecated predecessor, Secure Sockets Layer, are cryptographic protocols designed to provide communications security over a computer network. Several versions of the protocols find widespread use in applications such as web browsing, email, instant messaging, and voice over IP
  • TLS – (the link is really good) Transport Layer Security, the more recent encryption protocol that has replaced SSL
  • RSA – one of the first public-key cryptosystems and is widely used for secure data transmission. In such a cryptosystem, the encryption key is public and it is different from the decryption key which is kept secret.

In addition, Data At Rest wiki notes: Data encryption, which prevents data visibility in the event of its unauthorized access or theft, is commonly used to protect data in motion and increasingly promoted for protecting data at rest.[7] The encryption of data at rest should only include strong encryption methods such as AES or RSA. Encrypted data should remain encrypted when access controls such as usernames and password fail. Increasing encryption on multiple levels is recommended. Cryptography can be implemented on the database housing the data and on the physical storage where the databases are stored. Data encryption keys should be updated on a regular basis. Encryption keys should be stored separately from the data. Encryption also enables crypto-shredding at the end of the data or hardware lifecycle. Periodic auditing of sensitive data should be part of policy and should occur on scheduled occurrences. Finally, only store the minimum possible amount of sensitive data

Lots of useful information here but the answer was found in the Data at rest info.

 photo 3_zpscnocqbgg.png

These types of questions seem subjective to me. I mean, if this ‘analyst’ isn’t in the security department he should let them know rather than attempt to fix it him self. The other way is also true. However, it does say security analyst and in this case it would appear that their department handles A-B remediation. Not sure if that’s always the case.

 photo 4_zps1jqgwdnl.png

So, I have to admit, I did a lot of reading in the first half of this and was deliriously tired towards the end and realized that I should go back through the links in this one and the previous one. Which I will do tomorrow (possibly tonight) and possibly aim to get another one of these done. Anyway, back this and I’m going to make a list!

  • STelnet – I’m pretty sure this is SSH but its not really clear through google
  • SCP – is a means of securely transferring computer files between a local host and a remote host or between two remote hosts. It is based on the Secure Shell (SSH) protocol.[1] “SCP” commonly refers to both the Secure Copy Protocol and the program itself.[2] According to OpenSSH developers in April 2019 the scp protocol is outdated, inflexible and not readily fixed; they recommend the use of more modern protocols like sftp and rsync for file transfer. a network protocol, based on the BSD RCP protocol,[4] which supports file transfers between hosts on a network. SCP uses Secure Shell (SSH) for data transfer and uses the same mechanisms for authentication, thereby ensuring the authenticity and confidentiality of the data in transit. A client can send (upload) files to a server, optionally including their basic attributes (permissions, timestamps). Clients can also request files or directories from a server (download). SCP runs over TCP port 22 by default. Like RCP, there is no RFC that defines the specifics of the protocol.
  • SNMP – an Internet Standard protocol for collecting and organizing information about managed devices on IP networks and for modifying that information to change device behavior. Devices that typically support SNMP include cable modems, routers, switches, servers, workstations, printers, and more.
  • FTPS – FTPS (also known as FTPES, FTP-SSL, and FTP Secure) is an extension to the commonly used File Transfer Protocol (FTP) that adds support for the Transport Layer Security (TLS) and, formerly, the Secure Sockets Layer (SSL, which is now prohibited by RFC7568) cryptographic protocols
  • SSL – Transport Layer Security (TLS), and its now-deprecated predecessor, Secure Sockets Layer (SSL),[1] are cryptographic protocols designed to provide communications security over a computer network.[2] Several versions of the protocols find widespread use in applications such as web browsing, email, instant messaging, and voice over IP (VoIP). Websites can use TLS to secure all communications between their servers and web browsers.
  • SFTP – a command-line interface client program to transfer files using the SSH File Transfer Protocol (SFTP), which runs inside the encrypted Secure Shell connection.

The problem with this is that the answer is clear once you go through all of them finding a statement that says ‘implicitly uses x’

 photo 2_zpslbs2yyho.png

I dont know if I’ve said this before but let me be clear: I hate these things

  • Rule-based access control – With rule-based access control, when a request is made for access to a network or network resource, the controlling device, e.g. firewall, checks properties of the request against a set of rules. A rule might be to block an IP address, or a range of IP addresses. A rule might be to allow access to an IP address but block that IP address from use of a specific port, for example port 21 commonly used for FTP, or port 23 commonly used for Telnet. A rule might be to block a specific IP address, or block all IP addresses from accessing certain applications on the network, such as email or video steaming.
  • Role-based access control – With role-based access control, when a request is made for access to a network or network resource, the controlling device allows or blocks access to a network or network resource based on that user’s role in the organization. For example, an individual with the engineer role in an organization might be allowed access to the specifications of parts used in the company’s product, but blocked access to employee records. An individual with the supervisor role might be allowed access to employee records, but blocked access to engineering documents and specifications.
  • Mandatory access control – Often employed in government and military facilities, mandatory access control works by assigning a classification label to each file system object. Classifications include confidential, secret and top secret. Each user and device on the system is assigned a similar classification and clearance level. When a person or device tries to access a specific resource, the OS or security kernel will check the entity’s credentials to determine whether access will be granted. While it is the most secure access control setting available, MAC requires careful planning and continuous monitoring to keep all resource objects’ and users’ classifications up to date.
  • Discretionary access control – type of security access control that grants or restricts object access via an access policy determined by an object’s owner group and/or subjects. DAC mechanism controls are defined by user identification with supplied credentials during authentication, such as username and password. DACs are discretionary because the subject (owner) can transfer authenticated objects or information access to other users. In other words, the owner determines object access privileges.

Ok, those are starting to get a little clearer after reading definitions that are not from wikipedia. Anyway, thats all for today.

Photo unrelated

 photo img0051ld4_zpshz3qogca.jpg

More Security and notes about historical passages of information

Really getting back into this and learning somethings. Which is nice! It’s good to learn. The great thing about independent study is that its hard to stop the flow of information on the internet. Some times learning things can be difficult because of acquiring information. You know people are always like “that’s the stuff they don’t teach you in high school” then at the same time don’t put much effort into learning about causes and design and so forth. Which is totally fine but I will say the people that try to learn the stuff that “they don’t teach in high school” generally don’t complain about it because they are aware of the level of passion for understanding and learning in society. I mean, seriously the catholic church is a thing but it’s also an institution of mankind, so make of that what you will, however the dark ages happened and it was a time when information was stopped to preserve the power of the Catholic Church. Scientist and theologians where both equally persecuted for questioning current doctrinal beliefs that left the papacy in the form of being ‘god’. It was hundreds of years before society actually progressed during the time of the renaissance. Thanks in no small part to the Medici’s of Florence and most notably papal sponsorship of fine art. Anyway, that’s neither here nor there. We live in a time when there is so much information available to make us better, more aware and more socially responsible people. A lot of talk about racism floats around these days though and you often have to take a look at what that really means and the causes. So many people claim to not be racist while putting forth obviously obsessive racist ideals because they think a culture harms their way of life. This is really alarming to me because its often disguised in the form of a plate of cookies or something and mean while there are people that bring ideas forward about jumping on a band wagon instead of trying to figure out what’s going on in the world. Understanding basic theology, philosophy and historical narrative in terms of events and art being made is vastly undervalued. We often trade that for some trite narrative of control or needing to seem important for no reason. There are lots of people that are very aware of this and its the same thing that lead to the dark ages. Personally, I don’t really give these people much mind as they have no intention of hearing what I have to say or what any book or painting may have to say. Its a haphazard form of senseless arrogance. Sound like any other group of people? Anyway, I digress into saying that there is a difference between ‘job security’ and malicious behavior.

So, lets get into some questions.

 photo 1_zpspqml1c5n.png

You know, at first I thought “why would a non-credentialed scan be worse than a credentialed” and I was all I guess I should check that out.

Securing your organization with credential-based vulnerability assessment

This clearly states Does not disrupt operations or consume too many resources because the scan is performed with credentials which indicates that the non-credentialed scan is more likely to harm infrastructure.

 photo 3_zpsaazqdm9q.png

I have a hard time discerning the granular detail of difference between ‘Mission-essential function’ and ‘Identification of critical systems’ and really I think this is like a high school wording question.

Any way, I found this to be helpful: Business Impact Analysis (BIA) as part of your Cyber Security Plan

 photo 4_zps0x40auuk.png

So, there is a typo in this one with the the access the server, I’m assuming it should be ported to How do you access the server… regardless TLS is not tied to a port so im not sure why I committed to that choice. Anyway, this has a lot of information I found helpful

Transport Layer Security (TLS) looks like there is alot of information on this that might be useful to go through beyond this so I’m going to bookmark it.

There are still some questions to be answered: TLS is the updated version of SSL but SSL is tied to a port?

What Is An SSL Port? A Complete Technical Guide About HTTPS

How Is SSL Different From TLS? TLS (Transport Level Security) is an updated version of SSL. The original SSL protocol was created by Netscape in the year 1995 and it was made public as ‘SSL 2.0’. Since then, updates have been made in order to ensure a powerful and secure connection. In the year 1999, ‘TLS 1.0’ was released which was an update to ‘SSL 3.0’. Since that time, TLS is the primary encryption technology that is used for securing data that is transmitted over the internet connections and SSL. However, as the term ‘SSL’ is more popular, widely known and recognized, the technology is known as SSL.

Basically they are saying if the traffic uses port 443 its a secure connection, which they label ‘SSL’, kind of annoying but whatever.

 photo 5_zpszncxi9yh.png

Im not sure I know what SRTP is or SIPS but I had heard of SIPS so I went with that one. Anyway, I guess I should figure that out.

  • SRTP – Secure Real-time Transport Protocol (SRTP) is a Real-time Transport Protocol (RTP) profile, intended to provide encryption, message authentication and integrity, and replay attack protection to the RTP data in both unicast and multicast applications. Uses AES for encryption.
  • SIPS – a signaling protocol used for initiating, maintaining, and terminating real-time sessions that include voice, video and messaging applications.[1] SIP is used for signaling and controlling multimedia communication sessions in applications of Internet telephony for voice and video calls, in private IP telephone systems, in instant messaging over Internet Protocol (IP) networks as well as mobile phone calling over LTE (VoLTE).

While SIPS doesn’t seem to indicate that its a secure protocol in its self, it does note that For secure transmissions of SIP messages over insecure network links, the protocol may be encrypted with Transport Layer Security (TLS). For the transmission of media streams (voice, video) the SDP payload carried in SIP messages typically employs the Real-time Transport Protocol (RTP) or the Secure Real-time Transport Protocol (SRTP). which leads me to wonder if all connections are normalcy SIPS on PBX and then using additional encryption methods.

 photo 2_zpsrr6ba2wo.png

First of all, I wasn’t really sure what a Online Certificate Status Protocol (OCSP) was based only on OCSP. However it is an Internet protocol used for obtaining the revocation status of an X.509 digital certificate.[1] It is described in RFC 6960 and is on the Internet standards track. It was created as an alternative to certificate revocation lists (CRL), specifically addressing certain problems associated with using CRLs in a public key infrastructure (PKI).[2] Messages communicated via OCSP are encoded in ASN.1 and are usually communicated over HTTP. The “request/response” nature of these messages leads to OCSP servers being termed OCSP responders

So a CRL is a better choice for traffic reduction? I don’t find any thing that seems to indicate is problematic but a CRL does seem to be the standard for this function.

Well, after the long dramatic intro, I’ve learned a few things. Reminded myself of a few thing and overall garnered a stronger idea of what it is I’m looking at with Security+ information and every time I go through and blog this stuff I’m reminded that this is a great cert with tons of information that I want to learn!

More authentication and encryption!

Alright, another day, another day of learning. Exciting times.

 photo 5_zpspxxu0ebx.png

Again, I fail to know enough about these technologies to provide an educated opinion.

  • Open ID Connect – OpenID Connect (OIDC) is an authentication layer on top of OAuth 2.0, an authorization framework.[1] The standard is controlled by the OpenID Foundation.
  • SAML – The single most important use case that SAML addresses is web-browser single sign-on (SSO). Single sign-on is relatively easy to accomplish within a security domain (using cookies, for example) but extending SSO across security domains is more difficult and resulted in the proliferation of non-interoperable proprietary technologies. The SAML Web Browser SSO profile was specified and standardized to promote interoperability.[2] (For comparison, the more recent OpenID Connect protocol[3] is an alternative approach to web browser SSO.)
  • XACML – “eXtensible Access Control Markup Language”. The standard defines a declarative fine-grained, attribute-based access control policy language,[2] an architecture, and a processing model describing how to evaluate access requests according to the rules defined in policies.
  • LDAP – Lightweight Directory Access Protocol (LDAP /’?ldæp/) is an open, vendor-neutral, industry standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network.[1] Directory services play an important role in developing intranet and Internet applications by allowing the sharing of information about users, systems, networks, services, and applications throughout the network
  • OAuth 2.0 – OAuth provides to clients a “secure delegated access” to server resources on behalf of a resource owner. It specifies a process for resource owners to authorize third-party access to their server resources without sharing their credentials. Designed specifically to work with Hypertext Transfer Protocol (HTTP), OAuth essentially allows access tokens to be issued to third-party clients by an authorization server, with the approval of the resource owner. The third party then uses the access token to access the protected resources hosted by the resource server.[3]

So based on the answer Open ID Connect seems really obvious on account of the naming conventions. However normally with an authentication provider there is more detail as to how the process actually works and if the passwords are hashed. So on and so forth. Now, in regards to detail I’m finding my self wanting more. Now looking at SAML its saying that OpenID Connect is basically the same thing. Moving on to XACML, this is a big one. Its not SSO related but has a ton of information and complicated diagrams on how auth requests are processed but nothing about appropriate hashing or encryption. It’s almost like they are going into NAC type of strings. To be honest this is not very helpful other than knowing its not SSO focused and uses some sort of policies that seem overlapping. LDAP, here is says we can use TLS for cert based auth or kerberos. I’m starting to get a grasp on this. It’s honestly so much more fun to actually learn material rather than simply rush through it. Oauth is really straight forward. Inter platform SSO provider.

 photo 1_zps9gnbj1li.png

Well, for starters, anything is better than WEP. Im not really seeing any legacy choices right away but I did pick WPA2 Enterprise. However, I still want to go over this stuff.

  • WEP – a security algorithm for IEEE 802.11 wireless networks. Introduced as part of the original 802.11 standard ratified in 1997, its intention was to provide data confidentiality comparable to that of a traditional wired network.[1] WEP, recognizable by its key of 10 or 26 hexadecimal digits (40 or 104 bits), was at one time widely in use and was often the first security choice presented to users by router configuration tools.[2][3] In 2003 the Wi-Fi Alliance announced that WEP had been superseded by Wi-Fi Protected Access (WPA). In 2004, with the ratification of the full 802.11i standard (i.e. WPA2), the IEEE declared that both WEP-40 and WEP-104 have been deprecated.[4] WEP was the only encryption protocol available to 802.11a and 802.11b devices built before the WPA standard, which was available for 802.11g devices. However, some 802.11b devices were later provided with firmware or software updates to enable WPA, and newer devices had it built in
  • WPA and TKIP – TKIP (the basis of WPA) has reached the end of its designed lifetime, has been partially broken, and had been officially deprecated
  • WPS with a pin – Created by the Wi-Fi Alliance and introduced in 2006, the goal of the protocol is to allow home users who know little of wireless security and may be intimidated by the available security options to set up Wi-Fi Protected Access, as well as making it easy to add new devices to an existing network without entering long passphrases. Prior to the standard, several competing solutions were developed by different vendors to address the same need.[1] A major security flaw was revealed in December 2011 that affects wireless routers with the WPS PIN feature, which most recent models have enabled by default. The flaw allows a remote attacker to recover the WPS PIN in a few hours with a brute-force attack and, with the WPS PIN, the network’s WPA/WPA2 pre-shared key (a.k.a. PSK).[2] Users have been urged to turn off the WPS PIN feature,[3] although this may not be possible on some router models
  • WEP and RC4 – Because RC4 is a stream cipher, the same traffic key must never be used twice. The purpose of an IV, which is transmitted as plain text, is to prevent any repetition, but a 24-bit IV is not long enough to ensure this on a busy network. The way the IV was used also opened WEP to a related key attack. For a 24-bit IV, there is a 50% probability the same IV will repeat after 5,000 packets. In August 2001, Scott Fluhrer, Itsik Mantin, and Adi Shamir published a cryptanalysis of WEP[13] that exploits the way the RC4 ciphers and IV are used in WEP, resulting in a passive attack that can recover the RC4 key after eavesdropping on the network. Depending on the amount of network traffic, and thus the number of packets available for inspection, a successful key recovery could take as little as one minute
  • WPA2 Enterprise – IEEE 802.11i-2004, or 802.11i for short, is an amendment to the original IEEE 802.11, implemented as Wi-Fi Protected Access II (WPA2). The draft standard was ratified on 24 June 2004. This standard specifies security mechanisms for wireless networks, replacing the short Authentication and privacy clause of the original standard with a detailed Security clause. In the process, the amendment deprecated broken Wired Equivalent Privacy (WEP), while it was later incorporated into the published IEEE 802.11-2007 standard. 802.11i supersedes the previous security specification, Wired Equivalent Privacy (WEP), which was shown to have security vulnerabilities. Wi-Fi Protected Access (WPA) had previously been introduced by the Wi-Fi Alliance as an intermediate solution to WEP insecurities. WPA implemented a subset of a draft of 802.11i. The Wi-Fi Alliance refers to their approved, interoperable implementation of the full 802.11i as WPA2, also called RSN (Robust Security). 802.11i makes use of the Advanced Encryption Standard (AES) block cipher, whereas WEP and WPA use the RC4 stream cipher.[1]

Yeah, once your figure this one out WPS2 Enterprise, which uses AES is clearly the way to go. I guess it is good to learn about legacy stuff but its so much info!!!

 photo 2_zpsoekt1ka6.png

I really don’t understand what file system or operating system uses this stuff and that would be super helpful information. Like, rather than learning random shit what if it was like so your using Solarus as a file share you need to connect over a network via ssh how do you set up the share and permissions. Just a thought. Anyway, lets take a look at this one.

Ok, so the answer does say Linux in it but there are so many flavors! To be honest it does look like something you would find in Linux but its not like a line of code. This is also kind of A cop out because that also would probably vary by flavor. Lots of variables here but it would be more helpful than running into work and describing some sort of completely useless theory of types of permissions.

Oh man, after looking at that last one they are selling me on a Linux+ because that is fun and relevant! Ok, so I was sort of wrong and that the answer is there if you know what your looking at and if you google stuff, there are answers! It’s amazing that research exists.

 photo 3_zpsabmglbnf.png

This question doesn’t make any sense. It says nothing about VDIs but that’s what the answer loops back to. Is a VDI a ‘critical system’ not likely.

 photo 4_zpsba2g1xgn.png

Thats just using infrastructure. Software as a service implies that your using like some application, like Salesforce. Software as a service is a software licensing and delivery model in which software is licensed on a subscription basis and is centrally hosted. This answer is straight out wrong haha

Anyway, that’s all for today. Guess I should get some sleep.

Wireless authentication ???

All right, spent a lot of time on some stuff last night and I’m still pretty sure that I still have a ways to go before really learning encryption, authentication and hashing. I haven’t made flash cards yet for this new fangled access control stuff (new to me haha). However, today’s a new day so lets get into these things again.

 photo 5_zpswnbu7igw.png

This one is confusing to me. Clearly TLS is encryption, as we figured out yesterday haha so that’s wrong but I was under the assumption that FTPS would use encryption so lets check that out

In explicit mode (also known as FTPES), an FTPS client must “explicitly request” security from an FTPS server and then step up to a mutually agreed encryption method. If a client does not request security, the FTPS server can either allow the client to continue in insecure mode or refuse the connection. The mechanism for negotiating authentication and security with FTP was added under RFC 2228, which included the new FTP command AUTH. While this RFC does not explicitly define any required security mechanisms, e.g. SSL or TLS, it does require the FTPS client to challenge the FTPS server with a mutually known mechanism. If the FTPS client challenges the FTPS server with an unknown security mechanism, the FTPS server will respond to the AUTH command with error code 504 (not supported). Clients may determine which mechanisms are supported by querying the FTPS server with the FEAT command, although servers are not necessarily required to be honest in disclosing what levels of security they support. Common methods of invoking FTPS security included AUTH TLS and AUTH SSL. The explicit method is defined in RFC 4217. In the later versions of the document, FTPS compliance required that clients always negotiate using the AUTH TLS method.

Lol so the term explicit means it asks if you want to encrypt traffic or not. Got it.

 photo 2_zpsgrme8ekv.png

Honestly, I picked the right answer but I think what amounts to running red team exercises as preventative maintenance is not ideal. You should have computer accounts for every PC in your domain and use NAC. Rogue system detection is also a really good idea. The thing that some of these questions seem to imply is that your not using an AD environment, and I get that, but in most companies your not going to be able to authenticate to a WAP without an account. NAC with health checks also solve the issue of patching.

 photo 1_zps25w2pgai.png

Pretty sure I know what obfuscation is but I wanted to go over that one again.

You know, I was hoping to put a simple definition here in italics but that isn’t working so here is a detailed account A question of security: What is obfuscation and how does it work?

Since we are here, lets go over XOR 0xFF, if we can

Nowhere to Hide: Three methods of XOR obfuscation

This is really good and somehow while doing this I’m reminded that I love doing this kind of work and that I’ve been doing it with art and music my entire life. I love research and learning that this points to this which points to this and somehow makes this work. Do you see that there? Looks like this over here, doesn’t it? It makes the world less random to me.

Anyway, it looks like this basically a method of encrypting code. I’m not a coder or anything close to that so I could be misinterpreting.

 photo 3_zpsrliyl8ct.png

First off Diffie-Hellman has nothing to do with this, what so ever. Second, I’m not really sure what the other stuff is haha

  • BCRYPTBesides incorporating a salt to protect against rainbow table attacks, bcrypt is an adaptive function: over time, the iteration count can be increased to make it slower, so it remains resistant to brute-force search attacks even with increasing computation power.
  • Substitution cipher – basically you shift letters, not a hashing method for passwords
  • Elliptic-curve Diffie–Hellman (ECDHE)key agreement protocol that allows two parties, each having an elliptic-curve public–private key pair, to establish a shared secret over an insecure channel.[1][2][3] This shared secret may be directly used as a key, or to derive another key. The key, or the derived key, can then be used to encrypt subsequent communications using a symmetric-key cipher. It is a variant of the Diffie–Hellman protocol using elliptic-curve cryptography. again, “diffie-hellman has nothing to do with this”
  • PBKDF2In cryptography, PBKDF1 and PBKDF2 (Password-Based Key Derivation Function 2) are key derivation functions with a sliding computational cost, used to reduce vulnerabilities to brute force attacks.

Ok, hopefully I can remember these things because if you know what they are its obvious.

 photo 4_zpsnvc7nfs4.png

Shew, this isn’t as bad as, shit, this is authentication isn’t it? yep. ok. So, at first I was all “i’m not learning all this because I don’t really think I’ll need it but I’m realizing its better to take the time with it to actually learn it.

Not sure if this will really work to individually define these things with links but lets see what we can dig up.


lol, ok so I made a list and then found this which is super helpful and I’m saving it to my book marks bar as it answers a lot of questions and gets me going down the road to learning all these combinations.


There is still a lot to learn and its 9 years old. However, its a solid start. You would think I would be further along with some of this stuff but I’m not.

Well, once again this proved to be more work that I thought it would be. Which might be why I was avoiding doing it and hoping that I would mysteriously know the answers without putting effort in. Unfortunately, that’s not real life.

Back to blogging

I took some time off from this and thought I would be fine to go through the questions I didn’t know and sort of work my way through them. I found that when I got to the part where I didn’t review all of my wrong answers, shockingly, I still didn’t know the right answer so now I have roughly 50 slides that I need to blog. I was kind of feeling tired of going through them but after realizing I probably needed to in order to pass I seemed to have regained my muster to go through them. Going through a bunch of questions and getting them wrong is discouraging and somehow that proves to be a motivator to do a better job as I would actually like to have this cert for a myriad of reasons. Who knows, it isn’t TV and having a lot of certs at the top of a resume seems to be helpful in my case. I’m not saying that’s always the truth or that you have to have them to know what your doing but they sure don’t hurt. The gym is going pretty good but I did sort of start smoking again. So I need to keep up motivation on that. I started playing WoW some too. I seriously miss it but it can be a huge time sink. I guess its all about balance. Anyway, I feel like 5 is maybe too few so I’ll do like 5 sets of 10 for this go round and then finish out the final 80% of the 250 questions that I missed and then go through the ones I missed out of that set again then the entire 250 and see where am at and possibly at that point go through all 700 questions again and hope to be in the mid 90s and then attempt to take the test. I’m feeling like I might fail this one the first go round which is a little scary but I’ll pass it eventually. Honestly, its constant work on keeping up with certs as after this one i’d like to do another but I’m not sure what. Was thinking the CySA+ but maybe not. Anyway, lets get into it.

 photo 3_zpsiz5umdiu.png

I find these hella confusing for some reason and I also find my self wondering what file system uses these because you talk to a windows system admin about this they are going to have no idea what your talking about and ask who needs permissions to what and if they all work together.

  • RBAC – In computer systems security, role-based access control or role-based security is an approach to restricting system access to authorized users.
  • MAC – In computer security, mandatory access control refers to a type of access control by which the operating system constrains the ability of a subject or initiator to access or generally perform some sort of operation on an object or target
  • ABAC – Attribute-based access control, also known as policy-based access control, defines an access control paradigm whereby access rights are granted to users through the use of policies which combine attributes together.
  • DAC – In computer security, discretionary access control is a type of access control defined by the Trusted Computer System Evaluation Criteria “as a means of restricting access to objects based on the identity of subjects and/or groups to which they belong”

Maybe if I look at enough questions and answers this will make sense because the question does have a compound component to it which does actually makes sense for being ABAC. However the differences between DAC and RBAC seem like the same thing.

 photo 5_zpsk1mh830p.png

You know, looking at this one and realizing that I don’t understand certificates that well makes me think that I should group them into categories to stay consistent. This would require a significant amount of admin overhead however I might keep a running count of what posts are where. Anyway, this one seems like “im not really sure what kind of research I can do with it” but for me there are still some missing pieces. Like I really don’t have this thing nailed down of how encryption and authentication protocols work together? It seems like it should be really obvious but some how I’m still confused. Like SFTP encrypts both authentication information and transmitted information but obviously its not what your using to login with. You use Kerberos to authenticate and the question clearly says ‘data in transit’ implying an encryption protocol and here I’ve selected an authentication protocol clearly indicating I don’t know the difference between the two. Perhaps as I go through these types of authentication and encryption questions I should note if its authentication or encryption and possibly note what type of encryption works with what encryption. I think overtime I’ll understand this but IMO this is the trickiest part of this exam. So, I’m going to make a list of links to these and read about them again. My favorite part is combining the hash functions with the encryption types. woooh boy. This is fun…

  • S/MIME – S/MIME functionality is built into the majority of modern email software and interoperates between them. Since it is built on CMS, MIME can also hold an advanced electronic signature. S/MIME provides the following cryptographic security services for electronic messaging applications: Authentication Message integrity Non-repudiation of origin (using digital signatures) Privacy Data security (using encryption) S/MIME specifies the MIME type application/pkcs7-mime[2] (smime-type “enveloped-data”) for data enveloping (encrypting) where the whole (prepared) MIME entity to be enveloped is encrypted and packed into an object which subsequently is inserted into an application/pkcs7-mime MIME entity.
  • TLS – its now-deprecated predecessor, Secure Sockets Layer (SSL),[1] are cryptographic protocols designed to provide communications security over a computer network.[2] Several versions of the protocols find widespread use in applications such as web browsing, email, instant messaging, and voice over IP (VoIP). Websites can use TLS to secure all communications between their servers and web browsers.
  • SFTP – loops back to SSH and no where is PKI mentioned haha
  • SAML – Security Assertion Markup Language is an open standard for exchanging authentication and authorization data between parties, in particular, between an identity provider and a service provider. SAML is an XML-based markup language for security assertions. Used with SSO but has nothing really to do with encryption? Teaching myself this stuff gets confusing

This is the most amount of reading I have spent on a single subject in a while haha

 photo 4_zps4nzxk8h5.png

I’m not really sure what a sponsored guest account is and to be frank, I’m not going to look it up as I understand the idea of it being a short term account that gets cycled out.

 photo 2_zps0a4tsvxj.png

The answer appears to be totally random as I have no idea what Spim is. The obvious choice for me is Impersonation as they are pretending to be the HD however the combo of vishing and impersonation i would accept.

  • Vishing – is the telephone equivalent of phishing. It is described as the act of using the telephone in an attempt to scam the user into surrendering private information that will be used for identity theft.
  • Impersonation – The social engineer “impersonates” or plays the role of someone you are likely to trust or obey convincingly enough to fool you into allowing access to your office, to information, or to your information systems.
  • Scareware – malware tactic that manipulates users into believing they need to download or buy malicious, sometimes useless, software. Most often initiated using a pop-up ad, scareware uses social engineering to take advantage of a user’s fear, coaxing them into installing fake anti-virus software

Again, kind of grey area buy honestly how do you vish without pretending to be reliable source?

 photo 1_zps7xfdezzn.png

I’m not entirely sure I understand the question outside of realizing its been issues to an IP but I think the problem is with understanding the answer choices. So i’m going to get into those

  • OSCP – Internet protocol used for obtaining the revocation status of an X.509 digital certificate
  • OID – an identifier mechanism standardized by the International Telecommunications Union (ITU) and ISO/IEC for naming any object, concept, or “thing” with a globally unambiguous persistent name
  • PEM – is a de facto file format for storing and sending cryptographic keys, certificates, and other data, based on a set of 1993 IETF standards defining “privacy-enhanced mail.”
  • SAN – an extension to X.509 that allows various values to be associated with a security certificate using a subjectAltName field.[1] These values are called Subject Alternative Names (SANs). Names include

The first choice is the best thing to check. However, how you check with a CRL is another process.

 photo 3_zpsiz5umdiu.png

I have gone over these a million times and should honestly probably make my self flash cards at this point as I;m still unclear on the subtleties however abac stands for access based account control

Ok, I did an unusual amount of reading for this. Usually at this point in my cert studies I can spend about 5 mins on something and get a grasp on it however with access controls and encryption, authentication and hashing (which seems like it should be encryption but it isn’t) things get a little muddy. That said, I am actually trying to learn the material so its worth it to invest in an actual understanding. So I guess what I’m getting at is that my brain is full for the day and I should rest in spite of my goal to get many more than 10 questions done haha.

Website Powered by

Up ↑