This blog is here to help those preparing for CompTIA exams. This is designed to help the exam candidate to understand the concepts, rather than trust a brain dump.
CompTIA Security+ Exam Notes
Saturday, November 28, 2020
Blue, Red, White, & Purple Teams explained
Friday, November 27, 2020
DNS Record Types to know for the exam
DNS RECORD TYPES
Make sure you know the following DNS record types for this exam and how they are used:
A: Host (IPv4). Maps the name to an IPv4 address.
AAAA: Host (IPv6). Maps the name to an IPv6 address.
CNAME (Canonical Name): Alias. Example: sites that use www as the hostname of a web server might call it something different internally, such as Dallwebserver1.
MX: Mail Exchanger. This is used for an email server.
NS: Name Server. Provides a list of the authoritative DNS servers responsible for the domain that you are trying to query.
PTR: Pointer. This is a reverse record; it resolves IPv4 or IPv6 addresses to domain names.
SOA: Start of Authority. Keeps track of all of the DNS changes to help with replication.
TXT: Text. Stores descriptive information about the domain in text format.
SPF: Sender Policy Framework. Lists the mail servers allowed to send email for your domain, which helps prevent spammers from sending email that appears to come from your domain.
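A small zone audit that exercises the record types above, added here as an example and not part of the original post. The example.com zone is constructed sample input, and parse_zone / audit_zone are hypothetical helper names; it checks that NS and MX targets have address records, that a PTR agrees with its forward A/AAAA record, and that an SPF policy is published in TXT.

```python
import ipaddress

# Constructed sample zone for example.com; not from the original post.
ZONE = """
example.com.        IN SOA   ns1.example.com. hostmaster.example.com. 2020112801 3600 900 1209600 300
example.com.        IN NS    ns1.example.com.
example.com.        IN NS    ns2.example.com.
example.com.        IN A     192.0.2.10
example.com.        IN AAAA  2001:db8::10
www.example.com.    IN CNAME example.com.
mail.example.com.   IN A     192.0.2.25
ns1.example.com.    IN A     192.0.2.53
example.com.        IN MX    10 mail.example.com.
example.com.        IN MX    20 mail2.example.com.
example.com.        IN TXT   "v=spf1 mx -all"
25.2.0.192.in-addr.arpa. IN PTR mail.example.com.
"""

def parse_zone(text):
    """Return (owner, type, rdata) tuples from a minimal one-record-per-line zone."""
    records = []
    for line in text.strip().splitlines():
        parts = line.split(None, 3)          # owner, class, type, rdata
        if len(parts) == 4 and parts[1] == "IN":
            records.append((parts[0].lower(), parts[2].upper(), parts[3].strip()))
    return records

def audit_zone(records):
    """Flag NS/MX targets with no address record, PTRs that disagree with the
    forward A/AAAA record, and a missing SPF policy in TXT."""
    findings = []
    has_address = {o for o, t, _ in records if t in ("A", "AAAA", "CNAME")}
    # Reverse name each address record implies, e.g. 25.2.0.192.in-addr.arpa.
    expect_ptr = {ipaddress.ip_address(r).reverse_pointer + ".": o
                  for o, t, r in records if t in ("A", "AAAA")}
    for owner, rtype, rdata in records:
        if rtype in ("NS", "MX"):
            target = rdata.split()[-1].lower()   # MX rdata is "<preference> <host>"
            if target not in has_address:
                findings.append(f"{rtype} target {target} has no A/AAAA record")
        elif rtype == "PTR" and expect_ptr.get(owner) != rdata.lower():
            findings.append(f"PTR {owner} does not match a forward record")
    if not any(t == "TXT" and r.startswith('"v=spf1') for _, t, r in records):
        findings.append("no SPF policy published in TXT")
    return findings
```

Running audit_zone(parse_zone(ZONE)) reports the two dangling targets (ns2 and mail2) in the sample zone.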
Thursday, November 26, 2020
What is HSTS?
HSTS
HSTS (HTTP Strict Transport Security)
This is enabled on the web server. It is designed to prevent downgrade attacks such as SSL stripping and man-in-the-middle attacks. Even if the user types http:// into the URL, the browser will either block the connection or, if the web server is configured to send the HSTS header, automatically connect using HTTPS.
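A checker for the Strict-Transport-Security response header, added here as an example and not code from the original post. It parses the directives defined in RFC 6797 and reports the weak configurations a reviewer would look for; the one-year minimum in MIN_MAX_AGE and the function names are assumptions for the example, and the header dicts it takes are constructed sample input rather than live responses.

```python
# Minimum max-age a practitioner would expect on a production site; this
# threshold is an assumption for the example, not a value from the post.
MIN_MAX_AGE = 31536000  # one year, in seconds

def parse_hsts(header_value):
    """Parse a Strict-Transport-Security value into its directives.

    Directive names are case-insensitive (RFC 6797); unknown ones are ignored.
    """
    policy = {"max_age": None, "include_subdomains": False, "preload": False}
    for directive in header_value.split(";"):
        name, _, value = directive.strip().partition("=")
        name = name.strip().lower()
        value = value.strip().strip('"')
        if name == "max-age":
            if not value.isdigit():
                raise ValueError(f"invalid max-age value: {value!r}")
            policy["max_age"] = int(value)
        elif name == "includesubdomains":
            policy["include_subdomains"] = True
        elif name == "preload":
            policy["preload"] = True
    return policy

def hsts_findings(headers):
    """Return weaknesses in a response's HSTS policy; an empty list is good.

    `headers` maps response header names to values (constructed sample
    input, not a live request).
    """
    value = next((v for k, v in headers.items()
                  if k.lower() == "strict-transport-security"), None)
    if value is None:
        return ["no Strict-Transport-Security header: the browser will still accept http://"]
    policy = parse_hsts(value)
    findings = []
    if policy["max_age"] is None:
        findings.append("max-age missing: max-age is required, so browsers ignore the header")
    elif policy["max_age"] == 0:
        findings.append("max-age=0: tells the browser to forget the HSTS policy")
    elif policy["max_age"] < MIN_MAX_AGE:
        findings.append(f"max-age {policy['max_age']} is shorter than one year")
    if not policy["include_subdomains"]:
        findings.append("includeSubDomains missing: subdomains are not protected")
    return findings
```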
Tuesday, November 24, 2020
WIRELESS AUTHENTICATION METHODS
These authenticate the device only. They do not use TLS, since TLS is only used with certificates, and they do not use a username, only a password (PSK).
WEP (Wired Equivalent Privacy)
- Built on RC4 – uses a 24-bit IV – PSK (Pre-Shared Key)
- Prone to IV (Initialization Vector) attacks
WPA (Wi-Fi Protected Access)
- Built on RC4 – uses TKIP (Temporal Key Integrity Protocol)
- Personal Mode (PSK) or Enterprise Mode (with RADIUS)
- The PSK is prone to brute-force attacks
WPA2 (Wi-Fi Protected Access 2)
- Built on AES – uses CCMP
- Personal Mode (PSK) or Enterprise Mode (with RADIUS)
- The PSK is prone to brute-force attacks
- AES replaced RC4, CCMP replaced TKIP
WPA3 (Wi-Fi Protected Access 3)
- Built on GCMP-256 (Galois/Counter Mode Protocol)
- Replaces PSK with SAE (Simultaneous Authentication of Equals)
WPS (Wi-Fi Protected Setup)
- The connection is normally made with a push button
- If there is no push button, use the 8-digit PIN on the bottom of the AP
- Prone to brute-force attack; can be broken in fewer than 11,000 attempts
- Tools used for cracking WPS: Reaver, Wifite, Wash
The following authenticate the user and require certificates. When using certificates, you must use TLS.
Enterprise Mode / 802.1X Authentication
- Using this method requires a RADIUS server
- Authentication can be accomplished with a username & password, smart card, or token
- Authentication is performed against an enterprise directory service / AAA server / RADIUS
- 802.1X requires a Supplicant, an Authenticator, and an Authentication Server (AAA / RADIUS)
EAP-TLS (Extensible Authentication Protocol-Transport Layer Security)
- Certificates required on both the server and the wireless device (Supplicant)
- Provides mutual authentication
- Authenticates the user – uses an enterprise directory service
EAP-TTLS (Extensible Authentication Protocol – Tunneled Transport Layer Security)
- Certificate on the server only
- Authenticates the user – uses an enterprise directory service
- End-to-end protection of authentication credentials
PEAP (Protected Extensible Authentication Protocol)
- Certificate on the server only
- Uses TLS
- Authenticates the user – uses an enterprise directory service
- End-to-end protection of authentication credentials
The following authenticate the user and do not use certificates.
LEAP (Lightweight Extensible Authentication Protocol)
- Does not require certificates
- Replaced by EAP-FAST
EAP-FAST (Flexible Authentication via Secure Tunneling)
- Does not use certificates
- Replaced LEAP
RADIUS Federation
- Multiple organizations allow access to one another's users
- Uses the native 802.1X client (Supplicant)
- Each organization has a RADIUS server and joins a mesh
Saturday, August 29, 2020
Facebook Group for study help.
CompTIA Exam Certification Study Group
I have started a Facebook group to help individuals pass the CompTIA exams: A+, Network+, Security+, and soon to come CySA+. Included will be explanations of different concepts. This will be a place to ask questions when you are unsure whether your answers are correct, and to get explanations.
Below is the link to join the group.
https://www.facebook.com/groups/2411609635806164/?epa=SEARCH_BOX
Thursday, April 23, 2020
Mission Essential Functions / Critical Systems
Wednesday, April 22, 2020
Media Sanitization Methods - Hard Drive / Paper
If the goal is for the media never to be reused, there are three methods (for mechanical drives, not solid-state):
1. One method is shredding. You would need to disassemble the drive, take out the platters, and run them through a shredder.
2. A second method is degaussing, which uses powerful magnets. This is typically done with a piece of specialized machinery that can be quite costly. If you have several drives, degaussing is the faster of these two options.
3. A third method is pulverizing, where a machine crushes the drive to destroy all components so that the data is unrecoverable.
If the plan is to repurpose the drives, the best method is to employ a disk wiping/overwriting program. It is better to use a program that writes random patterns of ones and zeros; there are specialized tools that can still recover data if all you use is the zero-filling approach. Wiping is also known as purging.
Formatting will not help with wiping data. All it does is remove the reference to the data.
Solid-state drives sometimes come with a built-in data sanitization tool. Degaussing will not work on SSDs.
For paper, it is best to use a cross-cut shredder. Some of these devices are rated by the size of the cut they make.
Another method used by some high-security organizations is to add water to the paper after it has been shredded, which displaces the ink. This is known as "pulping."
You can also burn paper documents. We did this in the military. Since the information we had was considered Top Secret, we burned the paper in an incinerator that had a screen at the top to keep the ashes from floating off. Then we pulverized the ashes.
Monday, April 20, 2020
Identity and Authentication Factors
Sunday, April 19, 2020
Certificates - PKI (Public Key Infrastructure)
Types of Certificates
Saturday, April 18, 2020
SSL/TLS Accelerator vs SSL Decryptor
Hashing Algorithms: MD5, SHA, RIPEMD, & HMAC
HASHING
Hashing is used for many reasons:
1. The most common and widely used application is passwords. When an individual logs in to the PC, their password is hashed and compared against the stored hashes; if it matches, the user is authenticated.
2. Sometimes hashing is used to make sure financial records have not been changed. This process can be performed daily, weekly, or monthly. This is referred to as "file integrity monitoring."
3. File integrity monitoring can be used to check the hash value of image files. If the hash value has changed on website images, or on other images being sent or stored at the organization, then the most likely explanation is that someone is using steganography to hide stolen data.
4. Running a file integrity program against the configuration files on network devices and comparing them to the previous week's or month's hashes to look for changes.
5. Vendors sometimes publish hashes for applications, patches, and updates so you can verify that you received the entire download and that it has not been modified. You would run a hashing algorithm on the file and check whether the hash matches the one on the website.
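A small file integrity monitor covering points 2 through 5 above, added here as an example and not code from the original post. It hashes a directory with SHA-256, compares a later run against the saved baseline to report changed, added and removed files, and checks a download against a vendor-published hash with a constant-time comparison. The function names and the configuration files created by demo() are constructed for the example.

```python
import hashlib
import hmac
import os
import tempfile

def sha256_file(path, chunk=65536):
    """Hash a file in chunks so large downloads do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def build_baseline(root):
    """Map each file under root (relative path) to its SHA-256 hex digest."""
    baseline = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            baseline[os.path.relpath(full, root)] = sha256_file(full)
    return baseline

def compare_baselines(old, new):
    """Return the changed, added and removed files between two baselines."""
    return {
        "changed": sorted(p for p in old if p in new and old[p] != new[p]),
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
    }

def verify_download(path, published_hex):
    """Check a downloaded file against the vendor's published SHA-256 hash."""
    return hmac.compare_digest(sha256_file(path), published_hex.lower())

def demo():
    """Constructed scenario: baseline a config directory, then alter it."""
    with tempfile.TemporaryDirectory() as root:
        for name, data in {"router1.cfg": b"hostname r1\n", "fw.cfg": b"deny any\n"}.items():
            with open(os.path.join(root, name), "wb") as f:
                f.write(data)
        baseline = build_baseline(root)
        with open(os.path.join(root, "fw.cfg"), "wb") as f:
            f.write(b"permit any\n")               # silent rule change
        os.remove(os.path.join(root, "router1.cfg"))
        with open(os.path.join(root, "new.cfg"), "wb") as f:
            f.write(b"added later\n")
        return compare_baselines(baseline, build_baseline(root))
```

Call demo() to run the constructed scenario; in a real deployment the baseline dict would be stored somewhere the monitored host cannot modify.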