CompTIA Security+

Common Hashing Algorithms

Posted on July 21, 2011. Filed under: CompTIA Security+ |

A cryptographic hash function is similar to a checksum. The main difference is that while a checksum is designed to detect accidental alterations in data, a cryptographic hash function is designed to detect deliberate alterations. When data is processed by a cryptographic hash function, a small string of bits, known as a hash, is generated. The slightest change to the message typically makes a large change in the resulting hash. A cryptographic hash function does not require a cryptographic key.

Common Hashing Algorithms include, Message Digest 5 (MD5), Secure Hash Algorithm (SHA).

Message Digest 5 (MD5) is a widely used cryptographic hash function that produces a 128-bit (16-byte) hash value. Specified in RFC 1321, MD5 has been employed in a wide variety of security applications, and is also commonly used to check data integrity. However, it has been shown that MD5 is not collision resistant. cryptographers began recommending the use of other algorithms, such as SHA-1 (which has since been found also to be vulnerable). most U.S. government applications now require the SHA-2 family of hash functions.

MD5 processes a variable-length message into a fixed-length output of 128 bits.

Firstly, the input message is broken up into chunks of 512-bit blocks; the message is padded so that its length is divisible by 512.

Secondly, a 128-bit state, divided into four 32-bit words, denoted A, B, C and D, are initialized to certain fixed constants.

The main algorithm then operates on each 512-bit message block in turn, each block modifying the state. The processing of a message block consists of four similar stages, termed rounds; each round is composed of 16 similar operations based on a non-linear function F, modular addition, and left rotation. Figure 1 illustrates one operation within a round.

Figure 1. one round of MD5 operation. Mi denotes a 32-bit block of the message input, and Ki denotes a 32-bit constant, different for each operation. left shifts denotes a left bit rotation by s places; s varies for each operation. Addition denotes addition modulo 232

There are four possible functions F; a different one is used in each round:

F(X,Y,Z) = (X\wedge{Y}) \vee (\neg{X} \wedge{Z})
G(X,Y,Z) = (X\wedge{Z}) \vee (Y \wedge \neg{Z})
H(X,Y,Z) = X \oplus Y \oplus Z
I(X,Y,Z) = Y \oplus (X \vee \neg{Z})

\oplus, \wedge, \vee, \neg denote the XOR, AND, OR and NOT operations respectively.

Secure Hash Algorithm (SHA): The three SHA algorithms are structured differently and are distinguished as SHA-0, SHA-1, and SHA-2. SHA-1 is very similar to SHA-0, but corrects an error in the original SHA hash specification that led to significant weaknesses. The SHA-0 algorithm was not adopted by many applications. SHA-2 on the other hand significantly differs from the SHA-1 hash function.

 

SHA-1  processes a variable-length message into a fixed-length output of 160 bits, the process is similar to MD5.

Firstly, the input message is broken up into chunks of 512-bit blocks; the message is padded so that its length is divisible by 512.

Secondly, a 160-bit state, divided into five 32-bit words, denoted A, B, C, D and E, are initialized to certain fixed constants.

The main algorithm then operates on each 512-bit message block in turn, each block modifying the state. The processing of a message block consists of five similar stages, termed rounds; each round is composed of 16 similar operations based on a non-linear function F, modular addition, and left rotation. Figure 2 illustrates one operation within a round.

Figure 2. one round of SHA-1 operation. F is a nonlinear function that varies; left shiftn denotes a left bit rotation by n places; n varies for each operation; Wt is the expanded message word of round t; Kt is the round constant of round t; Addition denotes addition modulo 232

SHA-2 is a set of cryptographic hash functions (SHA-224, SHA-256, SHA-384, SHA-512) designed by the National Security Agency (NSA) and published in 2001 by the NIST as a U.S. Federal Information Processing Standard. SHA-2 includes a significant number of changes from its predecessor, SHA-1. SHA-2 consists of a set of four hash functions with digests that are 224, 256, 384 or 512 bits.

SHA-256 and SHA-512 are novel hash functions computed with 32- and 64-bit words, respectively. They use different shift amounts and additive constants, but their structures are otherwise virtually identical, differing only in the number of rounds. SHA-224 and SHA-384 are simply truncated versions of the first two, computed with different initial values.

At this point, we should already understood how MD5, SHA1 works, so I will paste the the processing diagram of SHA2 here without explainations.

Figure 3. One iteration in a SHA-2 family compression function. The blue components perform the following operations:
\operatorname{Ch}(E,F,G) = (E \and F) \oplus (\neg E \and G) \operatorname{Ma}(A,B,C) = (A \and B) \oplus (A \and C) \oplus (B \and C) \Sigma_0(A) = (A\!\ggg\!2) \oplus (A\!\ggg\!13) \oplus (A\!\ggg\!22) \Sigma_1(E) = (E\!\ggg\!6) \oplus (E\!\ggg\!11) \oplus (E\!\ggg\!25)
The bitwise rotation uses different constants for SHA-512. The given numbers are for SHA-256. The red \color{red}\boxplus is an addition modulo 232

 

Algorithm and variant Output size
(bits)
Internal state
size (bits)
Block size
(bits)
Max message
size (bits)
Word size
(bits)
Rounds Operations Collisions
found?
SHA-0 160 160 512 264 − 1 32 80 add, and, or, xor, rotate Yes
SHA-1 Theoretical attack (251)
SHA-2 SHA-256/224 256/224 256 512 264 − 1 32 64 add, and, or, xor, shift, rotate No
SHA-512/384 512/384 512 1024 2128 − 1 64 80

Read Full Post | Make a Comment ( None so far )

Common Asymmetric Key Algorithms

Posted on December 3, 2010. Filed under: CompTIA Security+ |

The distinguishing technique used in public key cryptography is the use of asymmetric key algorithms, where the key used to encrypt a message is not the same as the key used to decrypt it. Each user has a pair of cryptographic keys—a public encryption key and a private decryption key. The publicly available encrypting-key is widely distributed, while the private decrypting-key is known only to the recipient. Messages are encrypted with the recipient’s public key and can only be decrypted with the corresponding private key.

Because symmetric key algorithms are nearly always much less computationally intensive, it is common to exchange a key using a key-exchange algorithm and transmit data using that key and a symmetric key algorithm.

Popular asymmetric encryption algorithms are RSA, Diffie-Hellman, ElGamal, and ECC.

  • RSA
  • Diffie-Hellman
  • ElGamal
  • ECC
Read Full Post | Make a Comment ( None so far )

Common Symmetric Key Algorithms

Posted on November 24, 2010. Filed under: CompTIA Security+ |

Symmetric-key algorithms are a class of algorithms for cryptography that use trivially related, often identical, cryptographic keys for both decryption and encryption.

Symmetric-key algorithms can be divided into stream ciphers and block ciphers. Stream ciphers encrypt the bits of the message one at a time, and block ciphers take a number of bits and encrypt them as a single unit.

Some examples of symmetric algorithms include DES, Twofish, Serpent, AES (Rijndael), Blowfish, CAST5, RC4, TDES, and IDEA.

  • For decades, DES (Data Encryption Standard) was the standard block cipher. It maps 64-bit blocks of plaintext into 64-bit blocks of ciphertext using a series of permutations and substitutions. An exclusive-OR is performed on the result with the input, and this sequence is repeated 16 times, using a different ordering of the key bits each time. The key length is, in effect, 56 bits. DES is
  • Over the years, DES was found to be vulnerable, and a stronger variant, called triple-DES, or 3DES, was recommended. Triple DES (3DES ) is a variant of DES. Instead of the single key that DES uses, triple DES uses a “key bundle” which comprises three DES keys, K1, K2 and K3, each of 56 bits. The encryption algorithm is:  ciphertext = EK3(DK2(EK1(plaintext))) I.e., DES encrypt with K1, DES decrypt with K2, then DES encrypt with K3. Decryption is the reverse: plaintext = DK1(EK2(DK3(ciphertext))) I.e., decrypt with K3encrypt with K2, then decrypt with K1. Each triple encryption encrypts one block of 64 bits of data.

It is easy to see how key complexity affects an algorithm when you look at some of the encryption algorithms that have been broken. The Data Encryption Standard (DES) uses a 56-bit key, allowing 72,000,000,000,000,000 possible values, but it has been broken by modern computers. The Triple DES (3DES) uses a 128-bit key, or 340,000,000,000,000,000,000,000,000,000,000,000,000 possible values. You can see the difference in the possible values, and why 128 bits is generally accepted as the minimum required to protect sensitive information.

Because of the advancement of technology and the progress being made in quickly retrieving DES keys, NIST put out a request for proposals for a new Advanced Encryption Standard (AES). It called for a block cipher using symmetric key cryptography and supporting key sizes of 128, 192, and 256 bits. After evaluation, the NIST had five finalists: MARS, RC6, Rijndael, Serpent, Twofish.

In the fall of 2000, NIST picked Rijndael to be the new AES. It was chosen for its overall security as well as its good performance on limited capacity devices.

AES has a fixed block size of 128 bits and a key size of 128, 192, or 256 bits, whereas Rijndael can be specified with block and key sizes in any multiple of 32 bits, with a minimum of 128 bits. The blocksize has a maximum of 256 bits, but the keysize has no theoretical maximum.

AES operates on a 4×4 array of bytes, termed the state (versions of Rijndael with a larger block size have additional columns in the state). Most AES calculations are done in a special finite field.

The AES cipher is specified as a number of repetitions of transformation rounds that convert the input plaintext into the final output of ciphertext. Each round consists of several processing steps, including one that depends on the encryption key. A set of reverse rounds are applied to transform ciphertext back into the original plaintext using the same encryption key.

Here’s an easy to follow AES Rijndael tutorial. To merely pass the CompTIA Security+ test, you may only interested in the last video — the security aspect of AES. If you want to know details of the Rijndael algorithm, you’d better go over all the 5 videos.

  • First step in the encryption process, SubBytes
  • Steps of the encryption process, ShiftRows, MixColumns, and the AddRoundKey steps. Explain how the XOR logic gate works.
  • Explain how the Round Key (a longer version of the original key) gets derived using the Key Schedule from the original, shorter key.
  • Decryption process of AES
  • Security aspects of AES
Read Full Post | Make a Comment ( None so far )

Cipher types

Posted on November 23, 2010. Filed under: CompTIA Security+ |

In cryptography, a cipher (or cypher) is an algorithm for performing encryption or decryption — a series of well-defined steps that can be followed as a procedure.

Historical pen and paper ciphers used in the past are sometimes known as classical ciphers. They include simple substitution ciphers and transposition ciphers. For example “GOOD DOG” can be encrypted as “PLLX XLP” where “L” substitutes for “O”, “P” for “G”, and “X” for “D” in the message. Transposition of the letters “GOOD DOG” can result in “DGOGDOO”.

Modern encryption methods can be divided by two criteria: by type of key used, and by type of input data.

By type of key used ciphers are divided into:

  • symmetric key algorithms (Private-key cryptography), where the same key is used for encryption and decryption.
  • asymmetric key algorithms (Public-key cryptography), where two different keys are used for encryption and decryption.

In a symmetric key algorithm (e.g., DES and AES), the sender and receiver must have a shared key set up in advance and kept secret from all other parties; the sender uses this key for encryption, and the receiver uses the same key for decryption. In an asymmetric key algorithm (e.g., RSA), there are two separate keys: a public key is published and enables any sender to perform encryption, while a private key is kept secret by the receiver and enables only him to perform correct decryption.

Type of input ciphers data can be distinguished into two types:

  • block ciphers, which encrypt block of data of fixed size.

A block cipher consists of two paired algorithms, one for encryption, E, and the other for decryption, E−1. Both algorithms accept two inputs: an input block of size n bits and a keyof size k bits, yielding an n-bit output block. For any one fixed key, decryption is the inverse function of encryption, so that

E_K(M) = C \; ; \quad E_K^{-1}(C)=M

for any block M and key KM is termed the plaintext and C the ciphertext.

For each key KEK is a permutation (a bijective mapping) over the set of input blocks. Each key selects one permutation from the possible set of 2n!.

The block size, n, is typically 64 or 128 bits, although some ciphers have a variable block size. One of several modes of operation is generally used along with a padding scheme to allow plaintexts of arbitrary lengths to be encrypted.

Most block ciphers are constructed by repeatedly applying a simpler function. This approach is known as iterated block cipher. Each iteration is termed around, and the repeated function is termed the round function; anywhere between 4 to 32 rounds are typical.

Usually, the round function R takes different round keys Ki as second input, which are derived from the original key:

M_i = R_{K_i}(M_{i-1})

where M0 is the plaintext and Mr the ciphertext, with r being the round number.

Frequently, key whitening is used in addition to this. At the beginning and the end, the data is modified with key material (often with XOR, but simple arithmetic operations like adding and subtracting are also used).

Here is an example video of block cipher:

  • stream ciphers, which encrypt continuous streams of data.

Block ciphers can be contrasted with stream ciphers — a block cipher operates on fixed-length groups of bits, called blocks, with an unvarying transformation; a stream cipher operates on individual digits one at a time, and the transformation varies during the encryption.

Stream ciphers can be viewed as approximating the action of a proven unbreakable cipher, the one-time pad (OTP), sometimes known as the Vernam cipher. A one-time pad uses a key stream of completely random digits. The keystream is combined with the plaintext digits one at a time to form the ciphertext. This system was proved to be secure by Claude Shannon in 1949. However, the keystream must be (at least) the same length as the plaintext, and generated completely at random. This makes the system very cumbersome to implement in practice, and as a result the one-time pad has not been widely used, except for the most critical applications.

A stream cipher makes use of a much smaller and more convenient key — 128 bits, for example. Based on this key, it generates a pseudorandom keystream which can be combined with the plaintext digits in a similar fashion to the one-time pad. However, this comes at a cost: because the keystream is now pseudorandom, and not truly random, the proof of security associated with the one-time pad no longer holds: it is quite possible for a stream cipher to be completely insecure.

Read Full Post | Make a Comment ( None so far )

Cryptography Basics

Posted on November 23, 2010. Filed under: CompTIA Security+ |

What is Cryptography? This light-heart video will give you a general feeling about Cryptography.

Cryptography is the practice and study of hiding information, in order to achieve privacyauthenticationdata integrity, and non-repudiation.

A message that is sent in its original form is called plaintext, even though these days it might not be text at all, but an image, for example. The secretly encoded message is called ciphertext, which is what results from the plaintext by applying an encryption algorithm, called a cipher. If the encryption is reversed, the process is called decryption.

  • Symmetric Encryption

Applying a cipher typically requires one more piece of information – that is the key, which must be selected before applying a cipher to encrypt a message. If the same key is used to encrypt and decrypt a message, then we call the algorithm a symmetric encryption scheme. Sharing or distributing the key becomes a challenge. Imagine a group of people want to communicate, they have to create a secret key for each two persons, and the number of secrete keys grow exponentially as more people joins the communication.

  • Asymmetric Encryption

It will be nice to have two keys, one key is used for encryption and another key is used for decryption. A message receiver can then made encryption key publicly available (public key), while hold the decrption key secret (private key). Everyone can then encrypt a plaintext with the public key and send the ciphertext to the message receiver through public network. Hackers who sniffed the ciphertext won’t be able to decrypt it, because only the intended receiver (private key holder) is able to decipher the message.  Such algorithms are called asymmetric encryption schemes. They are also known as Public Key Cryptography algorithms.

  • Hash

A cryptographic hash function is a deterministic procedure that takes an arbitrary block of data and returns a fixed-size bit string, the (cryptographic) hash value, such that an accidental or intentional change to the data will change the hash value. The data to be encoded is often called the “message“, and the hash value is sometimes called the message digest or simply digest. Cryptographic hash functions have many information security applications, notably in digital signatures, message authentication codes (MACs), and other forms of authentication.

If you want to explore further, Here is a pretty comprehensive introduction from Google University.

 

 

Read Full Post | Make a Comment ( None so far )

An Introduction to PKI

Posted on November 17, 2010. Filed under: CompTIA Security+, SANS Dev 541 |

Public key infrastructures (PKIs) are becoming a central security foundation for managing identity credentials in many companies.

So what is a Public Key Infrastructure or PKI? It is a system designed to manage the issue of binding public keys and identities across multiple applications. It’s purpose is to establish a level of trust during digital communication. PKI compose of a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates.

In technical terms, it is the combination of:

  • a Registration Authority (or RA), in charge of verifying people’s identity and associating that identity with their public key
  • a Certification Authority (or CA), in charge of generating certificates, i.e. signing people’s public key and identity information with its own private key
  • a validation system that can confirm whether a specific certificate produced by this CA is still valid or not (for example, because the associated private key was lost or compromised, or because some information contained within has changed)

The following short video shows how PKI provides web security to the customers of an online pencile store.

Read Full Post | Make a Comment ( None so far )

Overview of security threats and threats mitigation

Posted on November 3, 2010. Filed under: CompTIA Security+ |

Read Full Post | Make a Comment ( None so far )

CompTIA Security+ examination blueprint

Posted on November 3, 2010. Filed under: CompTIA Security+ |

The following list is the example topics and concepts copied from CompTIA Security+ official site.

1.0   Network Security

1.1 Explain the security function and purpose of network devices and

technologies

 Firewalls

 Routers

 Switches

 Load Balancers

 Proxies

 Web security gateways

 VPN concentrators

 NIDS and NIPS (Behavior based, signature based, anomaly based,

heuristic)

 Protocol analyzers

 Sniffers

 Spam filter, all-in-one security appliances

 Web application firewall vs. network firewall

 URL filtering, content inspection, malware inspection

1.2 Apply and implement secure network administration principles

 Rule-based management

 Firewall rules

 VLAN management

 Secure router configuration

 Access control lists

 Port Security

 802.1x

 Flood guards

 Loop protection

 Implicit deny

 Prevent network bridging by network separation

 Log analysis

1.3 Distinguish and differentiate network design elements and compounds

 DMZ

 Subnetting

 VLAN

 NAT

 Remote Access

 Telephony

 NAC

 Virtualization

 Cloud Computing

o Platform as a Service

o Software as a Service

o Infrastructure as a Service

1.4 Implement and use common protocols

 IPSec

 SNMP

 SSH

 DNS

 TLS

 SSL

 TCP/IP

 FTPS

 HTTPS

 SFTP

 SCP

 ICMP

 IPv4 vs. IPv6

1.5 Identify commonly used default network ports

 FTP

 SFTP

 FTPS

 TFTP

 TELNET

 HTTP

 HTTPS

 SCP

 SSH

 NetBIOS

1.6 Implement wireless network in a secure manner

 WPA

 WPA2

 WEP

 EAP

 PEAP

 LEAP

 MAC filter

 SSID broadcast

 TKIP

 CCMP

 Antenna Placement

 Power level controls

2.0   Compliance and Operational Security

2.1 Explain risk related concepts

 Control types

o Technical

o Management

o Operational

 False positives

 Importance of policies in reducing risk

o Privacy policy

o Acceptable use

o Security policy

o Mandatory vacations

o Job rotation

o Separation of duties

o Least privilege

 Risk calculation

o Likelihood

o ALE

o Impact

 Quantitative vs. qualitative

 Risk-avoidance, transference, acceptance, mitigation, deterrence

 Risks associated to Cloud Computing and Virtualization

2.2 Carry out appropriate risk mitigation strategies

 Implement security controls based on risk

 Change management

 Incident management

 User rights and permissions reviews

 Perform routine audits

 Implement policies and procedures to prevent data loss or theft

2.3 Execute appropriate incident response procedures

 Basic forensic procedures

o Order of volatility

o Capture system image

o Network traffic and logs

o Capture video

o Record time offset

o Take hashes

o Screenshots

o Witnesses

o Track man hours and expense

 Damage and loss control

 Chain of custody

 Incident response: first responder

2.4 Explain the importance of security related awareness and training

 Security policy training and procedures

 Personally identifiable information

 Information classification: Sensitivity of data (hard or soft)

 Data labeling, handling and disposal

 Compliance with laws, best practices and standards

 User habits

o Password behaviors

o Data handling

o Clean desk policies

o Prevent tailgating

o Personally owned devices

 Threat awareness

o New viruses

o Phishing attacks

o Zero days exploits

 Use of social networking and P2P

2.5 Compare and contrast aspects of business continuity

 Business impact analysis

 Removing single points of failure

 Business continuity planning and testing

 Continuity of operations

 Disaster recovery

 IT contingency planning

 Succession planning

2.6 Explain the impact and proper use of environmental controls

 HVAC

 Fire suppression

 EMI shielding

 Hot and cold aisles

 Environmental monitoring

 Temperature and humidity controls

 Video monitoring

2.7 Execute disaster recovery plans and procedures

 Backup / backout contingency plans or policies

 Backups, execution and frequency

 Redundancy and fault tolerance

o Hardware

o RAID

o Clustering

o Load balancing

o Servers

 High availability

 Cold site, hot site, warm site

 Mean time to restore, mean time between failures, recovery time objectives

and recovery point objectives

2.8 Exemplify the concepts of confidentiality, integrity and availability (CIA)

3.0   Threats and Vulnerabilities

3.1 Analyze and differentiate among types of malware

 Adware

 Virus

 Worms

 Spyware

 Trojan

 Rootkits

 Backdoors

 Logic bomb

 Botnets

3.2 Analyze and differentiate among types of attacks

 Man-in-the-middle

 DDoS

 DoS

 Replay

 Smurf attack

 Spoofing

 Spam

 Phishing

 Spim

 Vishing

 Spear phishing

 Xmas attack

 Pharming

 Privilege escalation

 Malicious insider threat

 DNS poisoning and ARP poisoning

 Transitive access

 Client-side attacks

3.3 Analyze and differentiate among types of social engineering attacks

 Shoulder surfing

 Dumpster diving

 Tailgating

 Impersonation

 Hoaxes

 Whaling

 Vishing

3.4 Analyze and differentiate among types of wireless attacks

 Rogue access points

 Interference

 Evil twin

 War driving

 Bluejacking

 Bluesnarfing

 War chalking

 IV attack

 Packet sniffing

3.5 Analyze and differentiate among types of application attacks

 Cross-site scripting

 SQL injection

 LDAP injection

 XML injection

 Directory traversal/command injection

 Buffer overflow

 Zero day

 Cookies and attachments

 Malicious add-ons

 Session hijacking

 Header manipulation

3.6 Analyze and differentiate among types of mitigation and deterrent techniques

 Manual bypassing of electronic controls

o Failsafe/secure vs. failopen

 Monitoring system logs

o Event logs

o Audit logs

o Security logs

o Access logs

 Physical security

o Hardware locks

o Mantraps

o Video surveillance

o Fencing

o Proximity readers

o Access list

 Hardening

o Disabling unnecessary services

o Protecting management interfaces and applications

o Password protection

o Disabling unnecessary accounts

 Port security

o MAC limiting and filtering

o 802.1x

o Disabling unused ports

 Security posture

o Initial baseline configuration

o Continuous security monitoring

o remediation

 Reporting

o Alarms

o Alerts

o Trends

 Detection controls vs. prevention controls

o IDS vs. IPS

o Camera vs. guard

3.7 Implement assessment tools and techniques to discover security threats and

vulnerabilities

 Vulnerability scanning and interpret results

 Tools

o Protocol analyzer

o Sniffer

o Vulnerability scanner

o Honeypots

o Honeynets

o Port scanner

 Risk calculations

o Threat vs. likelihood

 Assessment types

o Risk

o Threat

o Vulnerability

 Assessment technique

o Baseline reporting

o Code review

o Determine attack surface

o Architecture

o Design reviews

3.8 Within the realm of vulnerability assessments, explain the proper use of

penetration testing versus vulnerability scanning

 Penetration testing

o Verify a threat exists

o Bypass security controls

o Actively test security controls

o Exploiting vulnerabilities

 Vulnerability scanning

o Passively testing security controls

o Indentify vulnerability

o Indentify lack of security controls

o Indentify common misconfiguration

 Black box

 White box

 Gray box

4.0   Application, Data and Host Security

4.1 Explain the importance of application security

 Fuzzing

 Secure coding concepts

o Error and exception handling

o Input validation

 Cross-site scripting prevention

 Cross-site Request Forgery (XSRF) prevention

 Application configuration baseline (proper settings)

 Application hardening

 Application patch management

4.2 Carry out appropriate procedures to establish host security

 Operating system security and settings

 Anti-malware

o Anti-virus

o Anti-spam

o Anti-spyware

o Pop-up blockers

o Host-based firewalls

 Patch management

 Hardware security

o Cable locks

o Safe

o Locking cabinets

 Host software baselining

 Mobile devices

o Screen lock

o Strong password

o Device encryption

o Remote wipe/sanitation

o Voice encryption

o GPS tracking

 Virtualization

4.3 Explain the importance of data security

 Data Loss Prevention (DLP)

 Data encryption

o Full disk

o Database

o Individual files

o Removable media

o Mobile devices

 Hardware based encryption devices

o TPM

o HSM

o USB encryption

o Hard drive

 Cloud computing

5.0   Access Control and Identity Management

5.1 Explain the function and purpose of authentication services

 RADIUS

 TACACS

 TACACS+

 Kerberos

 LDAP

 XTACACS

5.2 Explain the fundamental concepts and best practices related to authentication,

authorization and access control

 Identification vs. authentication

 Authentication (single factor) and authorization

 Multifactor authentication

 Biometrics

 Tokens

 Common access card

 Personal identification verification card

 Smart card

 Least privilege

 Separation of duties

 Single sign on

 ACLs

 Access control

 Mandatory access control

 Discretionary access control

 Role/rule-based access control

 Implicit deny

 Time of day restrictions

 Trusted OS

 Mandatory vacations

 Job rotation

5.3 Implement appropriate security controls when performing account

management

 Mitigates issues associated with users with multiple account/roles

 Account policy enforcement

o Password complexity

o Expiration

o Recovery

o Length

o Disablement

o Lockout

 Group based privileges

 User assigned privileges

6.0   Cryptography

6.1 Summarize general cryptography concepts

 Symmetric vs. asymmetric

 Fundamental differences and encryption methods

o Block vs. stream

 Transport encryption

 Non-repudiation

 Hashing

 Key escrow

 Steganography

 Digital signatures

 Use of proven technologies

 Elliptic curve and quantum cryptography

6.2 Use and apply appropriate cryptographic tools and products

 WEP vs. WPA/WPA2 and preshared key

 MD5

 SHA

 RIPEMD

 AES

 DES

 3DES

 HMAC

 RSA

 RC4

 One-time-pads

 CHAP

 PAP

 NTLM

 NTLMv2

 Blowfish

 PGP/GPG

 Whole disk encryption

 TwoFish

 Comparative strengths of algorithms

 Use of algorithms with transport encryption

o SSL

o TLS

o IPSec

o SSH

o HTTPS

6.3 Explain the core concepts of public key infrastructure

 Certificate authorities and digital certificates

o CA

o CRLs

 PKI

 Recovery agent

 Public key

 Private key

 Registration

 Key escrow

 Trust models

 

6.4 Implement PKI, certificate management and associated components

 Certificate authorities and digital certificates

o CA

o CRLs

 PKI

 Recovery agent

 Public key

 Private keys

 Registration

 Key escrow

 Trust models


 

Read Full Post | Make a Comment ( None so far )

The six domains of Security

Posted on November 3, 2010. Filed under: CompTIA Security+ |

Six domain areas are measured by CompATI Security+ exam:

1.0  Network Security  21%

2.0  Compliance and Operational Security 18%

3.0  Threats and Vulnerabilities 21%

4.0  Application, Data and Host Security 16%

5.0  Access Control and Identity Management 13%

6.0  Cryptography 11%

For more detailed lists, check the CompTIA Security+ exam blue print.

Read Full Post | Make a Comment ( None so far )

802.1X

Posted on November 3, 2010. Filed under: CompTIA Security+ |

Read Full Post | Make a Comment ( None so far )

« Previous Entries

Liked it here?
Why not try sites on the blogroll...