CompTIA Security+ Exam Notes

Let Us Help You Pass

Monday, April 12, 2021

CompTIA A+ Questions

Here are CompTIA A+ questions; more will be added daily.

Saturday, November 28, 2020

Blue, Red, White, & Purple Teams explained

 Organization Security Exercise Types

An organization will use its own security people in training exercises to learn how to defend against an attack. There are a couple of different scenarios that can be implemented: one pits a Red Team against a Blue Team; the other allows both teams to share information.

Red Team: This team acts as the aggressor and attempts to break into the network without sharing information with the Blue Team.

Blue Team: This team is the defensive team that attempts to detect and prevent any infiltration.

White Team: Sets the rules of engagement and monitors the exercise. This team also acts as the arbitrator and can stop the exercise at any point if it becomes destructive.

Purple Team: In this type of exercise, the Red and Blue teams share information and collaborate throughout the exercise.

Friday, November 27, 2020

DNS Record Types to know for the exam

 DNS RECORD TYPES

Make sure you know the following DNS record types for this exam and how they are used:

A: host (IPv4). Maps the name to an IPv4 address.

AAAA: host (IPv6). Maps the name to an IPv6 address.

CNAME: Canonical Name (alias). Example: a site that uses www as the hostname of a web server might call it something different internally, such as Dallwebserver1.

MX: Mail Exchanger. This is used for an email server.

NS: Name Server. Provides a list of the authoritative DNS servers responsible for the domain that you are trying to query.

PTR: Pointer. This is a reverse record; it resolves IPv4 or IPv6 addresses to domain names.

SOA: Start of Authority. Keeps track of all of the DNS changes to help with replication.

TXT: Text. Stores descriptive information about the domain in a text format. 

SPF: Sender Policy Framework. This helps prevent spammers from sending emails from your domain, using the email addresses of your email servers. 

Thursday, November 26, 2020

What is HSTS?

HSTS (HTTP Strict Transport Security)

HSTS is enabled on the web server. It is designed to prevent downgrade attacks such as SSL stripping and man-in-the-middle attacks. Even if the user enters HTTP in the URL, the connection will either be blocked or, if configured on the web server, will automatically connect using HTTPS.
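The server turns HSTS on by sending a `Strict-Transport-Security` response header. The following added example (not part of the original notes) audits that header on constructed sample responses; the function names and the one-year `MIN_MAX_AGE` threshold are assumptions made for the illustration.

```python
MIN_MAX_AGE = 31536000  # one year in seconds; assumed audit threshold, not from the notes


def parse_hsts(value):
    """Parse max-age and includeSubDomains (RFC 6797) plus the preload-list token."""
    policy = {"max_age": None, "include_subdomains": False, "preload": False}
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        name, arg = name.strip().lower(), arg.strip().strip('"')
        if name == "max-age" and arg.isdigit():
            policy["max_age"] = int(arg)
        elif name == "includesubdomains":
            policy["include_subdomains"] = True
        elif name == "preload":
            policy["preload"] = True
    return policy


def audit_hsts(scheme, headers):
    """Return a list of findings for one response (an empty list means no issues)."""
    lowered = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    value = lowered.get("strict-transport-security")
    if value is None:
        return ["missing: no Strict-Transport-Security header"]
    if scheme != "https":
        return ["ignored: browsers discard HSTS sent over plain HTTP"]
    policy = parse_hsts(value)
    if policy["max_age"] is None:
        return ["invalid: the max-age directive is required"]
    findings = []
    if policy["max_age"] == 0:
        findings.append("disabled: max-age=0 tells the browser to forget the policy")
    elif policy["max_age"] < MIN_MAX_AGE:
        findings.append("weak: max-age is below one year")
    if not policy["include_subdomains"]:
        findings.append("gap: subdomains are not covered")
    return findings


SAMPLES = [  # constructed responses: (scheme, response headers)
    ("https", {"Strict-Transport-Security": "max-age=63072000; includeSubDomains; preload"}),
    ("https", {"strict-transport-security": "max-age=300"}),
    ("https", {"Strict-Transport-Security": "max-age=0"}),
    ("http", {"Strict-Transport-Security": "max-age=63072000"}),
    ("https", {"Content-Type": "text/html"}),
]

if __name__ == "__main__":
    for scheme, headers in SAMPLES:
        print(scheme, headers, "->", audit_hsts(scheme, headers) or "ok")
```

The browser only learns the policy from a response it received over HTTPS, so the very first plain-HTTP visit to a site is still unprotected unless the domain is preloaded.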

Tuesday, November 24, 2020

WIRELESS AUTHENTICATION METHODS

The following methods authenticate the device only. They do not use TLS, as this is only used with certificates. They do not use a username, only a password (PSK).

WEP (Wired Equivalent Privacy)

  • Built on RC4 – uses a 24-bit IV – PSK (Pre-Shared Key)
  • Prone to IV (Initialization Vector) attack

 

WPA (Wi-Fi Protected Access)

  • Built on RC4 – uses TKIP (Temporal Key Integrity Protocol)
  • Personal Mode (PSK) or Enterprise Mode (with RADIUS)
  • The PSK is prone to brute force attacks

 

WPA2 (Wi-Fi Protected Access 2)

  • Built on AES – uses CCMP
  • Personal Mode (PSK) or Enterprise Mode (with RADIUS)
  • The PSK is prone to brute force attacks
  • AES replaced RC4, CCMP replaced TKIP

 

WPA3 (Wi-Fi Protected Access 3)

  • Built on GCMP-256 (Galois/Counter Mode Protocol)
  • Replaces PSK with SAE (Simultaneous Authentication of Equals)

 

WPS (Wi-Fi Protected Setup)

  • Connection normally used with a pushbutton
  • If there is no push button, use the 8-digit PIN on the bottom of the AP
  • Prone to a brute force attack; can be broken in less than 11,000 attempts
  • Tools used for cracking WPS: Reaver, Wifite, Wash 

 

The following authenticate the user and require certificates. When using certificates you must use TLS.

 

Enterprise Mode / 802.1x Authentication

  • Using this method requires a RADIUS server
  • Authentication can be accomplished with a username & password, smart card, or token
  • Authentication is used against an enterprise directory service / AAA server / RADIUS
  • 802.1x requires a Supplicant, Authenticator, and Authentication server (AAA / RADIUS) 

 

EAP-TLS (Extensible Authentication Protocol-Transport Layer Security)

  • Certificates required on both the server and wireless device (Supplicant)
  • Provides mutual authentication
  • Authenticates the user – uses an enterprise directory service

 

EAP-TTLS (Extensible Authentication Protocol – Tunneled Transport Layer Security)

  • Certificate on the server only
  • Authenticates the user - uses an enterprise directory service
  • End-to-end protection of authentication credentials

 

PEAP (Protected Extensible Authentication Protocol)

  • Certificate on the server only
  • Uses TLS
  • Authenticates the user – uses an enterprise directory service
  • End-to-end protection of authentication credentials

 

The following authenticate the user and do not use certificates

 

LEAP (Lightweight Extensible Authentication Protocol)

  • Does not require certificates
  • Replaced with EAP-FAST

 

EAP-FAST (Flexible Authentication via Secure Tunneling)

  • Does not use certificates
  • Replaced LEAP


 

The following is RADIUS federation

 

  • Multiple organizations allow access to one another’s users
  • Uses the native 802.1x client (Supplicant)
  • Each organization has a RADIUS server and joins a mesh